Close Open Privacy Scan

bolt Snapshot: commit 860817c
science engine v3
schedule 2026-07-09T19:13:37.217046+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

App Privacy Score

0 /100
High privacy risk — application leak confirmed

High risk · 6057 finding(s)

Dependency score: 0 (High risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

115 high 842 medium 5100 low
First-party packages: 7
Dependency packages: 93
Ecosystem: python

swap_horiz Confirmed data exfiltration in application code

External domains: ai-guard.aws.us.pangea.cloudai-guard.onyx.securityapi.aim.securityapi.aisec.catonetworks.comapi.anthropic.comapi.brightdata.comapi.cohere.comapi.cursor.comapi.deepseek.comapi.descope.comapi.dynamo.aiapi.enkryptai.comapi.firecrawl.devapi.github.comapi.greptile.comapi.hconeai.comapi.hiddenlayer.aiapi.hyperbrowser.aiapi.mistral.aiapi.openai.comapi.patronus.aiapi.sarvam.aiapi.smith.langchain.comapi.us1.zseclipse.netapi.vantage.shapi.x.aiapp.crewai.comauth.hiddenlayer.aicloud.langfuse.comcognitiveservices.azure.comdocs.litellm.aidoes-not-existgenerativelanguage.googleapis.comgithub.comlog.athina.ailogfire-api.pydantic.devlogin.microsoftonline.comnexus:8800openmeter.cloudpackages.unstructured.iopypi.orgraw.githubusercontent.comserver.lasso.securityservice.api.aisecurity.paloaltonetworks.comshell.singlestore.comus.i.posthog.comv2-api.scrapegraphai.com{FONT_LOC}

high pymongo User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:111 pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:116
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:129 pkgs/python/[email protected]/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:133
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:219 pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:224
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:135 pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:141
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:89
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:100
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:48 pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:49
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:53 pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:75 pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:70
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:52 pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:47
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:78 pkgs/python/[email protected]/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:104
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:43 pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:66 pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:138 pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:145
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:60 pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:95
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:251 pkgs/python/[email protected]/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:257
high crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:52 pkgs/python/[email protected]/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59
high firecrawl-py User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:10 pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:20
high composio-core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/composio/tools/local/greptile/actions/codequery.py:71 pkgs/python/[email protected]/composio/tools/local/greptile/actions/codequery.py:107
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/cli/src/crewai_cli/model_catalog.py:550 repo/lib/cli/src/crewai_cli/model_catalog.py:551
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:27 repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:45
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:69 repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:71
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:129 repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:133
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:219 repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:224
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:135 repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:141
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:89
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:100
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:48 repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:49
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:53 repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:75 repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:70
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:52 repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:47
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:78 repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:104
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:43 repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:66 repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:138 repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:145
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:60 repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:95
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:251 repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:257
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:52 repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59
high first-party (python) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:256 repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:256
high first-party (python): lib/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/cli/src/crewai_cli/model_catalog.py:550 repo/lib/cli/src/crewai_cli/model_catalog.py:551
high first-party (python): lib/crewai User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:256 repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:256
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:27 repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:45
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:69 repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:71
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:129 repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:133
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:219 repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:224
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:135 repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:141
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:89
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:100
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:48 repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:49
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:53 repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:75 repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:70
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:52 repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:47
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:78 repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:104
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:43 repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:66 repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:138 repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:145
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:60 repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:95
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:251 repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:257
high first-party (python): lib/crewai-tools User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:52 repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59
hub Dependency data flows (53)
high uv dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/crates/uv-python/fetch-download-metadata.py:782 pkgs/python/[email protected]/crates/uv-python/fetch-download-metadata.py:794
high e2b dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/api/__init__.py:66 pkgs/python/[email protected]/e2b/api/__init__.py:65
high e2b dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/api/client/client.py:230 pkgs/python/[email protected]/e2b/api/client/client.py:232
high e2b dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/api/client/client.py:266 pkgs/python/[email protected]/e2b/api/client/client.py:268
high e2b dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/volume/client/client.py:230 pkgs/python/[email protected]/e2b/volume/client/client.py:232
high e2b dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/volume/client/client.py:266 pkgs/python/[email protected]/e2b/volume/client/client.py:268
high e2b dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/volume/client_async/__init__.py:17 pkgs/python/[email protected]/e2b/volume/client_async/__init__.py:16
high e2b dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/volume/client_sync/__init__.py:16 pkgs/python/[email protected]/e2b/volume/client_sync/__init__.py:15
high mcp dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
high crewai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai/a2a/auth/client_schemes.py:256 pkgs/python/[email protected]/src/crewai/a2a/auth/client_schemes.py:256
high mem0ai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/mem0/client/main.py:105 pkgs/python/[email protected]/mem0/client/main.py:128
high mem0ai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/mem0/client/main.py:992 pkgs/python/[email protected]/mem0/client/main.py:1015
high mem0ai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/mem0/client/main.py:1044 pkgs/python/[email protected]/mem0/client/main.py:1041
high mem0ai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/mem0/llms/sarvam.py:47 pkgs/python/[email protected]/mem0/llms/sarvam.py:81
high openai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:239 pkgs/python/[email protected]/src/openai/lib/azure.py:278
high openai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:563 pkgs/python/[email protected]/src/openai/lib/azure.py:602
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:110 pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:108
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:122 pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:136
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:541 pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:556
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1085 pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1094
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:560 pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:625
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38 pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:41
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ovalix/ovalix.py:79 pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ovalix/ovalix.py:89
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:196 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:205
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:259 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:268
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:382 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:391
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:573 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:582
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2061 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2088
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161 pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:160
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:101 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:98
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:125 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:122
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:186 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:183
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:209 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:206
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:121 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:119
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:140 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:138
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:190 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:188
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:215 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:213
high anthropic dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384 pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384
high anthropic dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179 pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179
high crewai-cli dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:550 pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:551
high crewai-tools dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:27 pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:45
high crewai-tools dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:69 pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:71
high firecrawl-py dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:689 pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:687
high firecrawl-py dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:1255 pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:1253
high firecrawl-py dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/firecrawl/v1/client.py:767 pkgs/python/[email protected]/firecrawl/v1/client.py:765
high firecrawl-py dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/firecrawl/v1/client.py:1420 pkgs/python/[email protected]/firecrawl/v1/client.py:1418
high singlestoredb dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/singlestoredb/fusion/graphql.py:172 pkgs/python/[email protected]/singlestoredb/fusion/graphql.py:173
high tavily-python dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/tavily/async_tavily.py:106 pkgs/python/[email protected]/tavily/async_tavily.py:113
high tavily-python dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/tavily/async_tavily.py:59 pkgs/python/[email protected]/tavily/async_tavily.py:118
high databricks-sdk dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/databricks/sdk/config.py:600 pkgs/python/[email protected]/databricks/sdk/config.py:602
high databricks-sdk dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:340 pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:341
high databricks-sdk dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:21 pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:23

</> First-Party Code

first-party (python)

python first-party
high pii_flow production #3d427a8a07f4a80d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/cli/src/crewai_cli/model_catalog.py:551 · flow /tmp/closeopen-4a0hfpp6/repo/lib/cli/src/crewai_cli/model_catalog.py:550 → /tmp/closeopen-4a0hfpp6/repo/lib/cli/src/crewai_cli/model_catalog.py:551
    response = httpx.get(
        url,
        headers=headers,
        params=params,
        timeout=_TIMEOUT,
        verify=ssl_config,
        follow_redirects=True,
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #5825e20696526641 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:45 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:27 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:45
        response = requests.request(
            "POST",
            execute_url,
            headers=headers,
            json=action_params,
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #5507fe8524efcb30 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:71 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:69 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:71
        response = requests.request(
            "GET",
            ACTIONS_URL,
            headers=headers,
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #63231d35ef16f1d4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:133 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:129 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:133
            response = requests.get(
                self.search_url, headers=headers, params=payload, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0624f7ee7edc42ba User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:224 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:219 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:224
            response = requests.post(
                self.base_url, json=request_params, headers=headers, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #62888514053ba6b7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:141 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:135 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:141
            response = requests.post(
                self.base_url, json=payload, headers=headers, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #955cb46f30d8e95a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80
                result = requests.post(
                    url, headers=headers, data=config, files=file, timeout=30
                )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d94cd898c472a16c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:89 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:89
                result = requests.get(status_url, headers=headers, timeout=30)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f8485ec0c36cfc6d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:100 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:100
            result = requests.get(
                results_url,
                headers=headers,
                params={"output_types": ",".join(output_types)},
                timeout=30,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ce2dd87a17b1c453 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:49 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:48 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:49
        response = requests.get(url, headers=headers, timeout=30)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1656225ba9a984ff User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:53 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69
            result = requests.post(
                rerank_url, json=payload, headers=headers, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #05e9c8d65052effe User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:70 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:75 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:70
            response = requests.post(
                url=api_url,
                headers=headers,
                json=payload,
                timeout=60,
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ac80e0835560e117 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:47 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:52 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:47
            response = requests.get(
                actions_url,
                headers=headers,
                timeout=30,
                params={"apps": ",".join(self._apps)},
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #21c7f25470f3badf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:104 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:78 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:104
            resp = requests.post(
                self.search_url, json=payload, headers=headers, timeout=request_timeout
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8bf8ddb5d38799f1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:43 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39
            requests.get(
                "https://api.patronus.ai/v1/evaluators",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a6982025891d243b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:66 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62
            requests.get(
                "https://api.patronus.ai/v1/evaluator-criteria",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #687458862128e9a1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:145 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:138 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:145
        response = requests.post(
            self.evaluate_url,
            headers=headers,
            data=json.dumps(data),
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #14022791c3d9a6b2 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:95 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:60 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:95
        response = requests.post(
            self.evaluate_url,
            headers=headers,
            data=json.dumps(data),
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e36faa847fc4d138 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:257 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:251 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:257
            response = requests.post(
                search_url, headers=headers, json=payload, timeout=10
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #677c19e339bce11a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:52 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59
            response = requests.post(
                api_url,
                headers=headers,
                data=payload,
                timeout=30,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e594286682d95ced User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:256 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:256 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:256
        client.auth = DigestAuth(self.username, self.password)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #7811a1f185852ce7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:22
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #11dbf06c0e798af7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:23
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c473f72303ef9bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:24
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #44dd52f19d35838b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:25
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #73895f94df1dfa6f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:26
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    SpanExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #80b498cebee606b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:30
from opentelemetry.trace import ProxyTracerProvider, Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f806f87a40f903ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/crew.py:21
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d6e6f25fb4646966 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/crew.py:22
from opentelemetry.context import attach, detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dbd66c1fc2790829 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/crew.py:42
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a5565a7df7c20675 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/crews/utils.py:9
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b19ff6bbd623e528 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/flow/runtime/__init__.py:35
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #52f018ae381a650a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/flow/runtime/__init__.py:36
from opentelemetry.context import attach, detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #552a7207a7be1201 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:23
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4112ddc10e429462 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:24
from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
    OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #21b420290be173cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:27
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5f50d401789a0020 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:28
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ed174a2fe033aa7e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:29
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    SpanExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1a2768934f45d108 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:33
from opentelemetry.trace import ProxyTracerProvider, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4d07a9f371d3d35c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/utils.py:11
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1da756d6df681aff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/utilities/crew/crew_context.py:5
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 390 low-confidence finding(s)
low env_fs production #15f7111b59ced84c Environment-variable access.
repo/conftest.py:241
        os.environ["CREWAI_STORAGE_DIR"] = str(storage_dir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77ef3cffa352adb3 Environment-variable access.
repo/conftest.py:242
        os.environ["CREWAI_TESTING"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98daa4c29c9ab5f2 Environment-variable access.
repo/conftest.py:247
            os.environ.pop("CREWAI_TESTING", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64687772c9da0dd3 Environment-variable access.
repo/conftest.py:248
            os.environ.pop("CREWAI_STORAGE_DIR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0afa38a13370809d Environment-variable access.
repo/conftest.py:249
            os.environ.pop("CREWAI_DISABLE_TELEMETRY", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b4113763db8741c Environment-variable access.
repo/conftest.py:250
            os.environ.pop("OTEL_SDK_DISABLED", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2ef3a2ede516f60 Environment-variable access.
repo/conftest.py:251
            os.environ.pop("OPENAI_BASE_URL", "https://api.openai.com/v1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdcd3e55219351f2 Environment-variable access.
repo/conftest.py:252
            os.environ.pop("OPENAI_API_BASE", "https://api.openai.com/v1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68465b73db6d439b Environment-variable access.
repo/conftest.py:416
        "record_mode": os.getenv("PYTEST_VCR_RECORD_MODE", "once"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52798f0c258297b1 Environment-variable access.
repo/conftest.py:424
    if os.getenv("GITHUB_ACTIONS") == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be4a684ed8debfef Filesystem access.
repo/lib/cli/src/crewai_cli/checkpoint_cli.py:85
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #034b99215201d217 Filesystem access.
repo/lib/cli/src/crewai_cli/checkpoint_cli.py:233
            with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #904d0772a20939dd Filesystem access.
repo/lib/cli/src/crewai_cli/checkpoint_cli.py:254
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9786c2952fab1b9 Filesystem access.
repo/lib/cli/src/crewai_cli/checkpoint_cli.py:265
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73c594003bc7341f Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:694
    if os.environ.get("CREWAI_EXPERIMENTAL") != "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e68de405d197df32 Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:956
    crewai_tracing = os.getenv("CREWAI_TRACING_ENABLED", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23d93a9d9aa7434e Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:970
    crewai_testing = os.getenv("CREWAI_TESTING", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c242be6154011cc4 Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:974
    crewai_user_id = os.getenv("CREWAI_USER_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce73572d3d22aebc Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:978
    crewai_org_id = os.getenv("CREWAI_ORG_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a55344b861761d9 Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:1072
    env_enabled = os.getenv("CREWAI_TRACING_ENABLED", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05ba2d25c2a75926 Filesystem access.
repo/lib/cli/src/crewai_cli/create_crew.py:32
    with open(template_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7382f007880466bb Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:47
    with open(project_root / ".env", "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd9621e8674c7ff3 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:70
            with open(src_file, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a1cbc753d25deb2 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:83
        with open(dst_file, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4139b2d710afef1 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:142
        content = src_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #937edce5b0ccae17 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:149
        dst_file.write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #628fa043d333017d Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:151
    (project_root / ".env").write_text("OPENAI_API_KEY=YOUR_API_KEY", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e6221b6e7575433 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:152
    (package_root / "__init__.py").write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79c9b7b301ab7ce6 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:154
        (package_root / folder / ".gitkeep").write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e04752847ea3ddb Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:830
    path.write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e558101db5809078 Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:932
    (folder_path / "pyproject.toml").write_text(
        _render_json_crew_template(
            "pyproject.toml",
            {
                "folder_name": folder_name,
                "name": name,
                "crewai_tools_dependency": get_crewai_tools_dependency(),
            },
        ),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25d1ba887e0a0b36 Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:945
    (folder_path / ".gitignore").write_text(
        _render_json_crew_template(".gitignore"),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #620fcada4a1782bb Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:951
    (folder_path / "README.md").write_text(
        _render_json_crew_template("README.md", {"name": name}),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05d8f773af4d7344 Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:957
    (folder_path / "knowledge" / "user_preference.txt").write_text(
        _render_json_crew_template("knowledge/user_preference.txt"),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9677d5fffe530ca1 Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:963
    (folder_path / "skills" / ".gitkeep").write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a8950752c5785c4 Filesystem access.
repo/lib/cli/src/crewai_cli/crew_run_tui.py:67
            content = env_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29004016189042d1 Filesystem access.
repo/lib/cli/src/crewai_cli/crew_run_tui.py:71
            env_file.write_text(f"{content}{sep}{key}=true\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cef6f52dd1f0b27 Filesystem access.
repo/lib/cli/src/crewai_cli/crew_run_tui.py:73
            env_file.write_text(f"{key}=true\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f44417418689212 Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:286
            referenced.update(pattern.findall(crew_path.read_text(errors="ignore")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cdbede4a544463c Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:296
                    pattern.findall(agent_path.read_text(errors="ignore"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b347cfdfceb42698 Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:305
                text = py_path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58003f2ffb926b5e Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:321
            for line in env_file.read_text(errors="ignore").splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6757110b71c97069 Environment-variable access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:332
            and var not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92319b5e2f6cd8a9 Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:873
                text = path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a594c6653735904 Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:880
                text = path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbf1f97d5a8d49df Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:888
            for line in env_file.read_text(errors="ignore").splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b4553fcafe98fba Environment-variable access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:899
            and var not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b078e4cb93f9dbe Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:931
            text = lockfile.read_text(errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4317a5e62aefe311 Filesystem access.
repo/lib/cli/src/crewai_cli/experimental/skills/main.py:66
        skill_md.write_text(_SKILL_MD_TEMPLATE.format(name=name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #875506992d7d850d Filesystem access.
repo/lib/cli/src/crewai_cli/experimental/skills/main.py:173
                (cache_dir / ".crewai_meta.json").write_text(json.dumps(meta, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #190309c7f0b5843b Filesystem access.
repo/lib/cli/src/crewai_cli/experimental/skills/main.py:189
            frontmatter = self._parse_frontmatter(skill_md.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc38d6314942e97b Filesystem access.
repo/lib/cli/src/crewai_cli/experimental/skills/main.py:280
                            meta = json.loads(meta_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f76efc26a9da48a5 Filesystem access.
repo/lib/cli/src/crewai_cli/experimental/skills/main.py:371
            fm = self._parse_frontmatter(skill_md.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a03481628f7c3d26 Filesystem access.
repo/lib/cli/src/crewai_cli/git.py:166
        existing = exclude_file.read_text() if exclude_file.exists() else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ab5706815527c28 Filesystem access.
repo/lib/cli/src/crewai_cli/git.py:178
        exclude_file.write_text(
            f"{existing}{prefix}# CrewAI deploy auto-commit excludes\n{patterns}\n"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6f80f39c7a7a6da Environment-variable access.
repo/lib/cli/src/crewai_cli/model_catalog.py:79
        value = os.environ.get(env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ba7a4d0b2bd4c69 Environment-variable access.
repo/lib/cli/src/crewai_cli/model_catalog.py:302
        os.environ.get("OLLAMA_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e6b3e04393d1850 Environment-variable access.
repo/lib/cli/src/crewai_cli/model_catalog.py:303
        or os.environ.get("API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c9d73170139d8f6 Environment-variable access.
repo/lib/cli/src/crewai_cli/model_catalog.py:304
        or os.environ.get("OLLAMA_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83fc5cb3be7344ea Filesystem access.
repo/lib/cli/src/crewai_cli/model_catalog.py:414
        cache_file.write_text(json.dumps(data), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6699d604a5d5d74 Environment-variable access.
repo/lib/cli/src/crewai_cli/model_catalog.py:550
    ssl_config = os.environ.get("SSL_CERT_FILE") or certifi.where()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #792dd7f5580a37a3 Filesystem access.
repo/lib/cli/src/crewai_cli/model_catalog.py:585
        data: dict[str, Any] = json.loads(path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3318fa773a39cc4 Filesystem access.
repo/lib/cli/src/crewai_cli/model_catalog.py:673
        cache_file.write_text(json.dumps(payload), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d98f951471658677 Filesystem access.
repo/lib/cli/src/crewai_cli/provider.py:149
        with open(cache_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #047ea4c147b37ea1 Environment-variable access.
repo/lib/cli/src/crewai_cli/provider.py:165
    ssl_config = os.environ["SSL_CERT_FILE"] = certifi.where()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b43f858e229fba40 Filesystem access.
repo/lib/cli/src/crewai_cli/provider.py:171
            with open(cache_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ed44e5389a720f70 Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/cli/src/crewai_cli/remote_template/main.py:166
                response = httpx.get(url, params=params, timeout=15)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #492e1b3d29e3f16b Filesystem access.
repo/lib/cli/src/crewai_cli/remote_template/main.py:249
                    with zf.open(member) as src, open(target, "wb") as dst:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4d0898025027360 Environment-variable access.
repo/lib/cli/src/crewai_cli/run_crew.py:321
        os.environ[CREWAI_TRAINED_AGENTS_FILE_ENV] = trained_agents_file

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b28ac80c0addadb4 Environment-variable access.
repo/lib/cli/src/crewai_cli/run_declarative_flow.py:319
    return os.environ.get("UV_RUN_RECURSION_DEPTH") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #380d6b39a71abc90 Environment-variable access.
repo/lib/cli/src/crewai_cli/settings/main.py:45
        env_tracing = os.getenv("CREWAI_TRACING_ENABLED", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4134f413e86ed951 Filesystem access.
repo/lib/cli/src/crewai_cli/templates/flow/main.py:49
        with open(output_dir / "post.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d3ace7a9030363f Environment-variable access.
repo/lib/cli/src/crewai_cli/tools/main.py:147
        build_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22204fdced87b2bb Filesystem access.
repo/lib/cli/src/crewai_cli/tools/main.py:180
            with open(tarball_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c5be3217504dbca Filesystem access.
repo/lib/cli/src/crewai_cli/update_crew.py:96
    with open(output_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ee9e18e5e0f53ca Environment-variable access.
repo/lib/cli/src/crewai_cli/utils.py:53
    value = os.environ.get("CREWAI_DMN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c36d91c4d7c3a844 Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:86
    with open(dst, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a80bd92abab57d88 Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:94
    content = src.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25ea633aaf1d2cd2 Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:104
        with open(env_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11ccd73dd2b09cce Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:142
            with open(filepath, "r", encoding="utf-8", errors="ignore") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb00be3845b40435 Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:144
            with open(filepath, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef2ebe2e5f3233df Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:165
        with open(env_file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f1e23954994c290 Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:176
    with open(env_file_path, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dd225f8b8a911b0 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/lock_store.py:33
_REDIS_URL: str | None = os.environ.get("REDIS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #083cce6246524964 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/paths.py:13
    return os.environ.get("CREWAI_STORAGE_DIR", Path.cwd().name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #334f0013774a85f3 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/plus_api.py:168
            os.getenv("CREWAI_PLUS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d97393e5043768a Filesystem access.
repo/lib/crewai-core/src/crewai_core/project.py:26
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bfbe0e09c440ddf Filesystem access.
repo/lib/crewai-core/src/crewai_core/project.py:163
        with open(pyproject_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa326b3657d248a8 Filesystem access.
repo/lib/crewai-core/src/crewai_core/settings.py:97
                test_file.write_text("test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e9ce69fb524f205 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/telemetry.py:125
            os.getenv("OTEL_SDK_DISABLED", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f97a1a5dba956ea5 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/telemetry.py:126
            or os.getenv("CREWAI_DISABLE_TELEMETRY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9aed1496ec518461 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/telemetry.py:127
            or os.getenv("CREWAI_DISABLE_TRACKING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77658538f757ddf3 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/token_manager.py:88
            base_path = os.environ.get("LOCALAPPDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #897b58a1d4532985 Filesystem access.
repo/lib/crewai-core/src/crewai_core/token_manager.py:150
            with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ad9ca28d72009d3 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/tool_credentials.py:24
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8703a37cfaa4f58d Environment-variable access.
repo/lib/crewai-core/src/crewai_core/tool_credentials.py:42
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5c4bb0e7b699bda Filesystem access.
repo/lib/crewai-core/src/crewai_core/user_data.py:39
            return cast(dict[str, Any], json.loads(p.read_text()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c7d39c78a765081 Filesystem access.
repo/lib/crewai-core/src/crewai_core/user_data.py:49
        p.write_text(json.dumps(data, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d0386b2a680a8a0 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/user_data.py:86
    if os.getenv("CREWAI_TRACING_ENABLED", "false").lower() in ("true", "1"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6664fa2905d3f9b Filesystem access.
repo/lib/crewai-core/src/crewai_core/version.py:117
            cache_data = json.loads(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #354e27ac1b86d151 Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-core/src/crewai_core/version.py:125
        with request.urlopen(
            "https://pypi.org/pypi/crewai/json", timeout=timeout
        ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b2299d799467088b Filesystem access.
repo/lib/crewai-core/src/crewai_core/version.py:142
            cache_file.write_text(json.dumps(cache_data))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56f27e3e04fab4a3 Filesystem access.
repo/lib/crewai-core/src/crewai_core/version.py:154
            cache_data = json.loads(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcb7bbaba4a2b75f Filesystem access.
repo/lib/crewai-core/src/crewai_core/version.py:168
        cache_data = json.loads(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f4555d609d20c80 Filesystem access.
repo/lib/crewai-files/src/crewai_files/core/sources.py:263
            self._content = self.path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c500fd3eee95488a Filesystem access.
repo/lib/crewai-files/src/crewai_files/core/sources.py:282
        with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5697c05cfc2622c Environment-variable access.
repo/lib/crewai-files/src/crewai_files/formatting/api.py:294
        s3_bucket = os.environ.get("CREWAI_BEDROCK_S3_BUCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2405d157fbe1d981 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/formatting/api.py:333
        s3_bucket_owner = os.environ.get("CREWAI_BEDROCK_S3_BUCKET_OWNER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #411a7aa7097b9beb Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/anthropic.py:39
        self._api_key = api_key or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95e9319f735548f7 Filesystem access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:94
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52e126e94ead104c Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:128
        self._bucket_name = bucket_name or os.environ.get("CREWAI_BEDROCK_S3_BUCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d2fa1f4f3eefe25 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:129
        self._bucket_owner = bucket_owner or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baa369128cd4baf7 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:129
        self._bucket_owner = bucket_owner or os.environ.get(
            "CREWAI_BEDROCK_S3_BUCKET_OWNER"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7a28671e0097ffe Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:133
        self._region = region or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a046a79828e9b1f7 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:133
        self._region = region or os.environ.get(
            "AWS_REGION", os.environ.get("AWS_DEFAULT_REGION")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69e7b8c0691be7a6 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:134
            "AWS_REGION", os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d95e549493db66c4 Filesystem access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:269
                with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c75f440ceebc4912 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/factory.py:192
            not os.environ.get("CREWAI_BEDROCK_S3_BUCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad99358ea6a0551d Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/gemini.py:108
        self._api_key = api_key or os.environ.get("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbcc12ec1aa9cc17 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/openai.py:136
        self._api_key = api_key or os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceacf54412c313a5 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/adapters/enterprise_adapter.py:14
    base_url = os.getenv("CREWAI_PLUS_URL", "https://app.crewai.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4872295e40828413 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/adapters/enterprise_adapter.py:419
        token = enterprise_action_token or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8508027e6c2e17d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/adapters/enterprise_adapter.py:419
        token = enterprise_action_token or os.environ.get(
            "CREWAI_ENTERPRISE_TOOLS_TOKEN"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b902cd067500efe8 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:62
        self.api_key = api_key or os.getenv("ZAPIER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d5500519eda9259 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:60
        self.agent_id = agent_id or os.getenv("BEDROCK_AGENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67d5d5acad7fb642 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:61
        self.agent_alias_id = agent_alias_id or os.getenv("BEDROCK_AGENT_ALIAS_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc415e0bb30c73c0 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:105
                region_name=os.getenv(
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-west-2")
                ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23f9bafedbcf4200 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:106
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #517213f5cafb99c5 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/knowledge_base/retriever_tool.py:60
        self.knowledge_base_id = knowledge_base_id or os.getenv("BEDROCK_KB_ID")  # type: ignore[assignment]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eca8c00c9d1bd865 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/knowledge_base/retriever_tool.py:196
                region_name=os.getenv(
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-east-1")
                ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #017a855f72e5c0ec Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/knowledge_base/retriever_tool.py:197
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2e34afe0a5a9e36 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/reader_tool.py:35
                region_name=os.getenv("CREW_AWS_REGION", "us-east-1"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7e209725ecccae2 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/reader_tool.py:36
                aws_access_key_id=os.getenv("CREW_AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86378b1273404a7f Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/reader_tool.py:37
                aws_secret_access_key=os.getenv("CREW_AWS_SEC_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20830d394289159b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/writer_tool.py:36
                region_name=os.getenv("CREW_AWS_REGION", "us-east-1"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b934ad19851cec62 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/writer_tool.py:37
                aws_access_key_id=os.getenv("CREW_AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ee21ec8715415b7 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/writer_tool.py:38
                aws_secret_access_key=os.getenv("CREW_AWS_SEC_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c250461185073be Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/generate_tool_specs.py:190
        with open(output_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb60511983253163 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/rag/embedding_service.py:108
            return os.getenv(env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c83693f33d3847e Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/rag/loaders/csv_loader.py:29
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #563e7fa35c3deaf0 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/rag/loaders/json_loader.py:28
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31c2589ae5f21836 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/rag/loaders/mdx_loader.py:36
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2990c94dfe573a1 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/rag/loaders/text_loader.py:15
        with open(source_content.source, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81b239bf60c51e5c Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/rag/loaders/xml_loader.py:37
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16bbd047ccf2d54d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/security/safe_path.py:52
    return os.environ.get(_UNSAFE_PATHS_ENV, "").lower() in ("true", "1", "yes")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6227c537fc2ab4bb Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/ai_mind_tool/ai_mind_tool.py:47
        self.api_key = api_key or os.getenv("MINDS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d9dcb48a5c9e4c2 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/apify_actors_tool/apify_actors_tool.py:58
        if not os.environ.get("APIFY_API_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bf9f152e6d03b55 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/base.py:26
    with open(filename, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a99b4577a7b2952b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/base.py:126
        self._api_key = api_key or os.environ.get("BRAVE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd38d8836b858af1 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:55
        if "BRAVE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a240bd9f25b82226 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:129
                "X-Subscription-Token": os.environ["BRAVE_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd67195a3631d867 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:20
            API_URL=os.environ.get("BRIGHTDATA_API_URL", "https://api.brightdata.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eacab4f8bac0ad7d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:21
            DEFAULT_TIMEOUT=int(os.environ.get("BRIGHTDATA_DEFAULT_TIMEOUT", "600")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08d9da490fe18841 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:23
                os.environ.get("BRIGHTDATA_DEFAULT_POLLING_INTERVAL", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ed3fe5eb51c404e Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:481
        api_key = os.getenv("BRIGHT_DATA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ca7cb50f1c11241 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:578
        api_key = os.getenv("BRIGHT_DATA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c492ff698fa30c05 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:18
            API_URL=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4390633f87438566 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:18
            API_URL=os.environ.get(
                "BRIGHTDATA_API_URL", "https://api.brightdata.com/request"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b0d11b51ab2ca59 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:125
        self.api_key = os.getenv("BRIGHT_DATA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee4f25c6c14ac67c Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:126
        self.zone = os.getenv("BRIGHT_DATA_ZONE") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #400bf29245106e9a Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:19
            API_URL=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0215764e71a4a5fb Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:19
            API_URL=os.environ.get(
                "BRIGHTDATA_API_URL", "https://api.brightdata.com/request"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1024923a07117771 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:99
        self.api_key = os.getenv("BRIGHT_DATA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d032514f20d71169 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:100
        self.zone = os.getenv("BRIGHT_DATA_ZONE") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #319bae96cf5c795b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/browserbase_load_tool/browserbase_load_tool.py:16
    api_key: str | None = os.getenv("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9026dcc2d9ee2338 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/browserbase_load_tool/browserbase_load_tool.py:17
    project_id: str | None = os.getenv("BROWSERBASE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2be54e85caacf8b Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_create_agent_tool/contextual_create_agent_tool.py:65
                with open(doc_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9809dc8d642f3778 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:78
            with open(file_path, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e37a3a6b3a1cc5b3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80
                result = requests.post(
                    url, headers=headers, data=config, files=file, timeout=30
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cdcf446e7ec5ae7a Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69
            result = requests.post(
                rerank_url, json=payload, headers=headers, timeout=30
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #fb11f19370898d3f Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:75
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3482540a83d6ab77 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:52
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd6d99dd30fbf19b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/misc.py:6
    base_url = os.getenv("CREWAI_PLUS_URL", "https://app.crewai.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32f52bb741b7097f Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/misc.py:12
    token = os.getenv("CREWAI_PLATFORM_INTEGRATION_TOKEN") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f95f820f352c61d4 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/databricks_query_tool/databricks_query_tool.py:145
        has_profile = "DATABRICKS_CONFIG_PROFILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c822f71df129cb12 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/databricks_query_tool/databricks_query_tool.py:147
            "DATABRICKS_HOST" in os.environ and "DATABRICKS_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #477647641105f115 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/daytona_base_tool.py:35
        default_factory=lambda: os.getenv("DAYTONA_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22ea9f59db0e1abc Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/daytona_base_tool.py:40
        default_factory=lambda: os.getenv("DAYTONA_API_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a8c2d7bc7f33c58 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/daytona_base_tool.py:45
        default_factory=lambda: os.getenv("DAYTONA_TARGET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fef4baa6a943027 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/e2b_sandbox_tool/e2b_base_tool.py:36
            SecretStr(val) if (val := os.getenv("E2B_API_KEY")) else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ca508354194235c Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/e2b_sandbox_tool/e2b_base_tool.py:43
        default_factory=lambda: os.getenv("E2B_DOMAIN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43a3496737788f4c Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/exa_tools/exa_search_tool.py:58
        default_factory=lambda: os.getenv("EXA_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2284a7c01803530b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/exa_tools/exa_search_tool.py:63
        default_factory=lambda: os.getenv("EXA_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55c72a8141e1be56 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/file_read_tool/file_read_tool.py:93
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94f9a45caf8c8f39 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/file_writer_tool/file_writer_tool.py:70
            with open(real_filepath, mode) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5f703e21923e5a0 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/generate_crewai_automation_tool/generate_crewai_automation_tool.py:28
        default_factory=lambda: os.getenv("CREWAI_PLUS_URL", "https://app.crewai.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7eb0a486920efeaf Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/generate_crewai_automation_tool/generate_crewai_automation_tool.py:32
        default_factory=lambda: os.getenv("CREWAI_PERSONAL_ACCESS_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb23571db818d6af Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/hyperbrowser_load_tool/hyperbrowser_load_tool.py:49
        self.api_key = api_key or os.getenv("HYPERBROWSER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec6199bc2c121ebe Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/linkup/linkup_search_tool.py:54
        self._client = LinkupClient(api_key=api_key or os.getenv("LINKUP_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2115e7b589387f28 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/merge_agent_handler_tool/merge_agent_handler_tool.py:65
        api_key = os.environ.get("AGENT_HANDLER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ffd9941b1c6b22b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/mongodb_vector_search_tool/vector_search.py:124
        if "AZURE_OPENAI_ENDPOINT" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a36886d536d9a59 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/mongodb_vector_search_tool/vector_search.py:126
        elif "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4cf1019c8ba34a50 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/multion_tool/example.py:7
os.environ["OPENAI_API_KEY"] = "Your Key"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2a1ecca62eeaab6 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/multion_tool/multion_tool.py:52
        self.multion = MultiOn(api_key=api_key or os.getenv("MULTION_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b16ff2ca39f02e74 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/nl2sql/nl2sql_tool.py:256
        if os.environ.get("CREWAI_NL2SQL_ALLOW_DML", "").strip().lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #100a4addd730539b Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/ocr_tool/ocr_tool.py:104
        with open(image_path, "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fcb5131f43f50d7 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_amazon_product_scraper_tool/oxylabs_amazon_product_scraper_tool.py:146
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1013cb81794d80af Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_amazon_product_scraper_tool/oxylabs_amazon_product_scraper_tool.py:147
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e962f46434adbc9 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_amazon_search_scraper_tool/oxylabs_amazon_search_scraper_tool.py:148
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52b6d96dff0bf0a3 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_amazon_search_scraper_tool/oxylabs_amazon_search_scraper_tool.py:149
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c147a97175d98eb1 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_google_search_scraper_tool/oxylabs_google_search_scraper_tool.py:151
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2715d7fd0ef83752 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_google_search_scraper_tool/oxylabs_google_search_scraper_tool.py:152
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d98b54beb677dc Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_universal_scraper_tool/oxylabs_universal_scraper_tool.py:142
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bca1321167c4ba1 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_universal_scraper_tool/oxylabs_universal_scraper_tool.py:143
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e2a58fcffaf2f26 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:78
        api_key = os.environ.get("PARALLEL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #933f67a6d122fa8f Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39
            requests.get(
                "https://api.patronus.ai/v1/evaluators",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #70d9f54ce6eb776a Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:43
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #321434952ffcd8f7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62
            requests.get(
                "https://api.patronus.ai/v1/evaluator-criteria",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #30e4e5bcdc8f8b76 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:66
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ec766e49cf0fc71 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:138
        api_key = os.getenv("PATRONUS_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31dd2abfd0fd0c17 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:60
        api_key = os.getenv("PATRONUS_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8216870ab5ce0ee Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/qdrant_vector_search_tool/qdrant_search_tool.py:113
                    .Client(api_key=os.getenv("OPENAI_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c73b75646e1b02bd Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/scrape_element_from_website/scrape_element_from_website.py:68
                self.cookies = {cookies["name"]: os.getenv(cookies["value"]) or ""}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe9931b4713d1360 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/scrape_website_tool/scrape_website_tool.py:67
                self.cookies = {cookies["name"]: os.getenv(cookies["value"]) or ""}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea68a1c158e307bf Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/scrapegraph_scrape_tool/scrapegraph_scrape_tool.py:113
        self.api_key = api_key or os.getenv("SCRAPEGRAPH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac57ba346fda2326 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/scrapfly_scrape_website_tool/scrapfly_scrape_website_tool.py:66
        self.scrapfly = ScrapflyClient(key=api_key or os.getenv("SCRAPFLY_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a549749bd0b5930 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serpapi_tool/serpapi_base_tool.py:44
        api_key = os.getenv("SERPAPI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eab78dcc9b4d86f5 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:94
        with open(filename, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d0cbee19b74fa1e Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:251
            "X-API-KEY": os.environ["SERPER_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a7b067cb9c762a1 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:52
            api_key = os.getenv("SERPER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #65c1951995167d4e Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59
            response = requests.post(
                api_url,
                headers=headers,
                data=payload,
                timeout=30,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #d459d10b2cf561ff Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_job_search_tool.py:47
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b00f5191c59533cf Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_news_search_tool.py:47
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #140304fa7ef6ded2 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_scholar_search_tool.py:51
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f623a733adba574 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_web_search_tool.py:67
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3fec4f130b20b4e Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_webpage_to_markdown_tool.py:31
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d114ae2c15587065 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/snowflake_search_tool/snowflake_search_tool.py:188
            with open(self.config.private_key_path, "rb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc2d86080a71f1c9 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/example.py:34
browserbase_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2761717120df01e Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/example.py:35
browserbase_project_id = os.environ.get("BROWSERBASE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bea2d30286404c9d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/example.py:36
model_api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7bb0efdd5937161 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:208
        self.api_key = api_key or os.getenv("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b7018ab3bb3607c Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:209
        self.project_id = project_id or os.getenv("BROWSERBASE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c09603237855b03c Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:263
            return self.model_api_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #059aad7145b40b4d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:265
            return self.model_api_key or os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #423db14aa38c6e48 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:267
            return self.model_api_key or os.getenv("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27442dedf49f4c06 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:271
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48fd961b342335d0 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:272
            or os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0eea50fdba65080d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/tavily_extractor_tool/tavily_extractor_tool.py:62
        default_factory=lambda: os.getenv("TAVILY_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9117f38dceb3885b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/tavily_get_research_tool/tavily_get_research_tool.py:56
            api_key = os.getenv("TAVILY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e29ac30fa89abc1d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/tavily_research_tool/tavily_research_tool.py:92
            api_key = os.getenv("TAVILY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #762379f88b7418be Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/tavily_search_tool/tavily_search_tool.py:61
        default_factory=lambda: os.getenv("TAVILY_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d7ebad50a0b5c7f Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/vision_tool/vision_tool.py:140
        with open(image_path, "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #582cdc98ae868b62 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/weaviate_tool/vector_search.py:89
            openai_api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c91e730b291ba3a4 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/zapier_action_tool/zapier_action_tool.py:23
        zapier_api_key = os.getenv("ZAPIER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #495aa5bf573aaa8f Filesystem access.
repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:112
            root_certs = Path(self.ca_cert_path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56a7fbe58b731020 Filesystem access.
repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:115
            private_key = Path(self.client_key_path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2354d9c90d758002 Filesystem access.
repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:116
            certificate_chain = Path(self.client_cert_path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7214412dcdda59a9 Environment-variable access.
repo/lib/crewai/src/crewai/a2a/auth/server_schemes.py:151
        return os.environ.get("AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ff76122e9ec828e Filesystem access.
repo/lib/crewai/src/crewai/a2a/config.py:130
            return Path(self.private_key_path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bdb198e95577f74 Environment-variable access.
repo/lib/crewai/src/crewai/a2a/utils/task.py:102
_redis_url = os.environ.get("REDIS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #491e0645b176b461 Environment-variable access.
repo/lib/crewai/src/crewai/agent/core.py:1209
            else os.getenv(CREWAI_TRAINED_AGENTS_FILE_ENV, TRAINED_AGENTS_DATA_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95b1a431315eb65c Environment-variable access.
repo/lib/crewai/src/crewai/context.py:47
        token = os.getenv("CREWAI_PLATFORM_INTEGRATION_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e18dade2bffd7680 Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/trace_listener.py:194
            "user_id": os.getenv("CREWAI_USER_ID", "anonymous"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0620168c0b5a9c27 Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/trace_listener.py:195
            "organization_id": os.getenv("CREWAI_ORG_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dabe0aca2339c58e Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:128
    env_value = os.getenv("CREWAI_TRACING_ENABLED", "").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7996d9921ac203d Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:188
    return os.environ.get("CREWAI_TESTING", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb096f0fc5f980e7 Filesystem access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:297
                content = path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #751fc75b6f9ff3bc Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:341
            container_id = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b6926b7ee514b6a Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:341
            container_id = os.environ.get(
                "HOSTNAME", os.environ.get("CONTAINER_ID", "")
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42eda971e780c4cf Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:342
                "HOSTNAME", os.environ.get("CONTAINER_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c29ef627999329e Filesystem access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:380
        p.write_text(json.dumps(data, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b883c2f93ae1d047 Filesystem access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:412
        p.write_text(json.dumps(data, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f5cd7d3447ccc4e Environment-variable access.
repo/lib/crewai/src/crewai/events/utils/console_formatter.py:70
        if os.getenv("CI", "").lower() in ("true", "1"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12895cccea628541 Environment-variable access.
repo/lib/crewai/src/crewai/events/utils/console_formatter.py:73
        if os.getenv("CREWAI_DISABLE_VERSION_CHECK", "").lower() in ("true", "1"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94479cf6eb2949a1 Filesystem access.
repo/lib/crewai/src/crewai/experimental/evaluation/experiment/result.py:42
            with open(filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0a6915a1617c5f9 Filesystem access.
repo/lib/crewai/src/crewai/experimental/evaluation/experiment/result.py:58
                with open(baseline_filepath, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00ea8669d201c8cc Filesystem access.
repo/lib/crewai/src/crewai/experimental/evaluation/experiment/result.py:73
                with open(baseline_filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #436370b27e6eccc1 Filesystem access.
repo/lib/crewai/src/crewai/experimental/evaluation/experiment/result.py:91
            with open(baseline_filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b29edf48ebe582c0 Environment-variable access.
repo/lib/crewai/src/crewai/experimental/skills/_flag.py:16
    return os.environ.get(ENV_VAR) == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13142fe8aa15c4d5 Filesystem access.
repo/lib/crewai/src/crewai/experimental/skills/cache.py:91
        (skill_dir / _META_FILENAME).write_text(json.dumps(meta, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #922b91b05b228871 Filesystem access.
repo/lib/crewai/src/crewai/experimental/skills/cache.py:106
                        results.append(json.loads(meta_file.read_text()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ea358b333a2a94c Environment-variable access.
repo/lib/crewai/src/crewai/experimental/skills/registry.py:76
        os.environ.get("CI") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae068cf415393d24 Environment-variable access.
repo/lib/crewai/src/crewai/experimental/skills/registry.py:77
        or os.environ.get("CREWAI_NONINTERACTIVE") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3be559b20159e6be Filesystem access.
repo/lib/crewai/src/crewai/flow/flow_definition.py:824
            contents = source_path.expanduser().read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d25c793d05821cf7 Environment-variable access.
repo/lib/crewai/src/crewai/flow/runtime/_actions.py:238
        raw = os.environ.get(_ALLOW_SCRIPT_EXECUTION_ENV_VAR, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #108ad9ee9b35eb4f Filesystem access.
repo/lib/crewai/src/crewai/flow/skill.py:90
    example_yaml = (_TEMPLATES_DIR / "flow_definition_example.yaml").read_text(
        encoding="utf-8"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6447023d4043d4e1 Filesystem access.
repo/lib/crewai/src/crewai/flow/visualization/renderers/interactive.py:414
    css_content = css_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #025b540e563bdc25 Filesystem access.
repo/lib/crewai/src/crewai/flow/visualization/renderers/interactive.py:421
    css_output_path.write_text(css_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc368e01856a21f8 Filesystem access.
repo/lib/crewai/src/crewai/flow/visualization/renderers/interactive.py:424
    js_content = js_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #629344e5d3345df0 Filesystem access.
repo/lib/crewai/src/crewai/flow/visualization/renderers/interactive.py:438
    js_output_path.write_text(js_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #451d8f7421a50937 Filesystem access.
repo/lib/crewai/src/crewai/flow/visualization/renderers/interactive.py:461
    output_path.write_text(html_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb505d743cdcd4b8 Environment-variable access.
repo/lib/crewai/src/crewai/knowledge/knowledge.py:66
os.environ["TOKENIZERS_PARALLELISM"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee0d692cfb1c8457 Filesystem access.
repo/lib/crewai/src/crewai/knowledge/source/csv_knowledge_source.py:17
            with open(file_path, "r", encoding="utf-8") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ef328e8e176fa2f Filesystem access.
repo/lib/crewai/src/crewai/knowledge/source/json_knowledge_source.py:18
            with open(path, "r", encoding="utf-8") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce7300dbf60c88c0 Filesystem access.
repo/lib/crewai/src/crewai/knowledge/source/text_file_knowledge_source.py:17
            with open(path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55b2636356966ea4 Environment-variable access.
repo/lib/crewai/src/crewai/llm.py:2484
            success_callbacks_str = os.environ.get("LITELLM_SUCCESS_CALLBACKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b75724bfcc5dbe3a Environment-variable access.
repo/lib/crewai/src/crewai/llm.py:2491
            failure_callbacks_str = os.environ.get("LITELLM_FAILURE_CALLBACKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14f635783b04f349 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/anthropic/completion.py:256
            self.api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64ebf43e4e03c737 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:122
        data["api_key"] = data.get("api_key") or os.getenv("AZURE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4cb7ff6147f81cb Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:125
            or os.getenv("AZURE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a0c44a7b6f9b76f Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:126
            or os.getenv("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db8543b65cba5b12 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:127
            or os.getenv("AZURE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c31a3f5cac34e1a Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:130
            data.get("api_version") or os.getenv("AZURE_API_VERSION") or "2024-06-01"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a6f84c5dd3badeb Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:164
        raw = os.getenv("AZURE_CREDENTIAL_SCOPES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78660b7ff89e02ef Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:271
            self.api_key = os.getenv("AZURE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #110b72c3d11297f8 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:274
                os.getenv("AZURE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2373c479d0057ede Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:275
                or os.getenv("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #100c20f384434b26 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:276
                or os.getenv("AZURE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6e4eec6f3ecb759 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/bedrock/completion.py:275
        data["aws_access_key_id"] = data.get("aws_access_key_id") or os.getenv(
            "AWS_ACCESS_KEY_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7dd8fc4bd273c415 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/bedrock/completion.py:278
        data["aws_secret_access_key"] = data.get("aws_secret_access_key") or os.getenv(
            "AWS_SECRET_ACCESS_KEY"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0bf1e8862f723fd Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/bedrock/completion.py:281
        data["aws_session_token"] = data.get("aws_session_token") or os.getenv(
            "AWS_SESSION_TOKEN"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42aec77524c5e4e2 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/bedrock/completion.py:286
            or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12172adb5f16dee4 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/bedrock/completion.py:287
            or os.getenv("AWS_REGION_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8489bda0c41500e2 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:84
            or os.getenv("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10f0450ca87c1284 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:85
            or os.getenv("GEMINI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #930a6f4942600f1b Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:87
        data["project"] = data.get("project") or os.getenv("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f0ac17bb5d234af Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:89
            data.get("location") or os.getenv("GOOGLE_CLOUD_LOCATION") or "us-central1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6ff7e9d70ce44ad Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:94
            use_vx = os.getenv("GOOGLE_GENAI_USE_VERTEXAI", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46d5b3c186505f37 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:133
                self.api_key = os.getenv("GOOGLE_API_KEY") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3603439831f92f6b Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:133
                self.api_key = os.getenv("GOOGLE_API_KEY") or os.getenv(
                    "GEMINI_API_KEY"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #236ac3a6a0053998 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:137
                self.project = os.getenv("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #827787def14eba7d Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/openai/completion.py:250
        data["api_key"] = data.get("api_key") or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc8d56f24e63fe8f Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/openai/completion.py:364
            self.api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf0a984b48c04822 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/openai/completion.py:374
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa16106320211e77 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/openai_compatible/completion.py:189
        env_key = os.getenv(config.api_key_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #562455afc37bb7a1 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/openai_compatible/completion.py:220
            env_value = os.getenv(config.base_url_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f11e3630cd4a34a8 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/snowflake/completion.py:93
                token = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #676cdafa697ed392 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/snowflake/completion.py:114
        account_url = data.get("account_url") or os.getenv("SNOWFLAKE_ACCOUNT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f931c679cedcf64 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/snowflake/completion.py:122
            or os.getenv("SNOWFLAKE_ACCOUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca0dd4c2ba9bfcdd Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/snowflake/completion.py:123
            or os.getenv("SNOWFLAKE_ACCOUNT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b00276161b785934 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/snowflake/completion.py:124
            or os.getenv("SNOWFLAKE_ACCOUNT_IDENTIFIER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ee782692805e4bf Environment-variable access.
repo/lib/crewai/src/crewai/memory/storage/lancedb_storage.py:68
            storage_dir = os.environ.get("CREWAI_STORAGE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a711227783aaa6d5 Environment-variable access.
repo/lib/crewai/src/crewai/memory/storage/qdrant_edge_storage.py:104
            storage_dir = os.environ.get("CREWAI_STORAGE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5383737a1e8dbef8 Filesystem access.
repo/lib/crewai/src/crewai/project/crew_base.py:391
        with open(config_path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e888e6a7b475ea0f Filesystem access.
repo/lib/crewai/src/crewai/project/json_loader.py:209
    return parse_jsonc(path.read_text(encoding="utf-8"), source=path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9245cd91a092319 Environment-variable access.
repo/lib/crewai/src/crewai/rag/chromadb/config.py:61
            api_key=os.getenv("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #084945038ec70f99 Filesystem access.
repo/lib/crewai/src/crewai/skills/parser.py:89
    content = path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e3cacb9073b705b Filesystem access.
repo/lib/crewai/src/crewai/state/provider/json_provider.py:66
        with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e25c98c9363d899 Filesystem access.
repo/lib/crewai/src/crewai/state/provider/json_provider.py:132
        return Path(location).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #238126c7a7db309b Filesystem access.
repo/lib/crewai/src/crewai/state/provider/utils.py:29
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4258faf24443a66 Environment-variable access.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:151
            os.getenv("OTEL_SDK_DISABLED", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c034940c9fc110c7 Environment-variable access.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:152
            or os.getenv("CREWAI_DISABLE_TELEMETRY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cec786b08dff1361 Environment-variable access.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:153
            or os.getenv("CREWAI_DISABLE_TRACKING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e994df140753b6d Environment-variable access.
repo/lib/crewai/src/crewai/types/callback.py:27
    raw = os.environ.get("CREWAI_DESERIALIZE_CALLBACKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07774732d06ba99c Environment-variable access.
repo/lib/crewai/src/crewai/utilities/env.py:20
    return any(os.environ.get(var) for var in CODEX_ENV_VARS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44a3cff14b838bd4 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/env.py:24
    return any(os.environ.get(var) for var in CURSOR_ENV_VARS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd66411f2600eda4 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/env.py:32
    if os.environ.get(CC_ENV_VAR):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #273e9ba0d11df8e3 Filesystem access.
repo/lib/crewai/src/crewai/utilities/file_handler.py:94
                        with open(self._path, encoding="utf-8") as read_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c55c73d017f206ba Filesystem access.
repo/lib/crewai/src/crewai/utilities/file_handler.py:100
                    with open(self._path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceae54e4fd98f4cc Filesystem access.
repo/lib/crewai/src/crewai/utilities/file_handler.py:112
                    with open(self._path, "a", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #977077a80322d769 Filesystem access.
repo/lib/crewai/src/crewai/utilities/file_handler.py:151
            with open(self.file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc877605ecddaab4 Filesystem access.
repo/lib/crewai/src/crewai/utilities/file_handler.py:165
                with open(self.file_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7ac0914566f3b65 Filesystem access.
repo/lib/crewai/src/crewai/utilities/i18n.py:38
                with open(self.prompt_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5199a16edcd168a0 Filesystem access.
repo/lib/crewai/src/crewai/utilities/i18n.py:44
                with open(prompts_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd222e151411b60f Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:104
        os.environ.get("MODEL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a31efbc722da6dc Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:105
        or os.environ.get("MODEL_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17c93c10ed0a4c74 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:106
        or os.environ.get("OPENAI_MODEL_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5688130d2ee9d66 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:130
        os.environ.get("BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b86c50cdcd3f6df Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:131
        or os.environ.get("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #684444bd022104b4 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:132
        or os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ac9a692dae4f227 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:135
    api_base = os.environ.get("API_BASE") or os.environ.get("AZURE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96b68c829dca78ae Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:178
                    env_value = os.environ.get(key_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #915d62c638bb8875 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:287
    content = file_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7189eb57f8675cf7 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:298
        file_path.write_text("\n".join(lines) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8305543c4e072f0c Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:317
    doc = tomlkit.parse(file_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a6fad3dc00faf4 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:326
    file_path.write_text(tomlkit.dumps(doc))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c34870ed1ec64108 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:358
    content = file_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #988d472f895380f1 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:391
        file_path.write_text("\n".join(lines) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f5cf13ae6a3fdd7 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:591
    content = changelog_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddfafef65b6e9014 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:608
    changelog_path.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57f5a1e430637826 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:668
        content = pyproject.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40f51f74750a46e9 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:671
            pyproject.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e1a999034215eb4 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:689
        if "__version__" in init_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f96a30fdbc9d315b Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1016
            openai_client = OpenAI(api_key=os.getenv("OPENAI_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d3facc6791b6905 Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1264
_ENTERPRISE_REPO: Final[str | None] = os.getenv("ENTERPRISE_REPO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1755971d74fb75f Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1266
    d.strip() for d in os.getenv("ENTERPRISE_VERSION_DIRS", "").split(",") if d.strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2c34ebc6e463e0c Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1268
_ENTERPRISE_CREWAI_DEP_PATH: Final[str | None] = os.getenv("ENTERPRISE_CREWAI_DEP_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c750c1862adfbe04 Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1271
    for p in os.getenv("ENTERPRISE_EXTRA_PACKAGES", "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79c367605b418e0a Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1276
    for p in os.getenv("ENTERPRISE_WORKFLOW_PATHS", "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf276fd79b8bfcfd Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1300
    content = pyproject_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #163fe6140acc063d Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1303
        pyproject_path.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7e510f926f20865 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1330
    raw = workflow_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d49291484bd72aa8 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1343
    workflow_path.write_text("".join(lines))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a627a8d1e12680a4 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1460
        content = pyproject.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd32d09ed53bb700 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1464
            pyproject.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0541bc45de050c7 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:2063
                    content = vfile.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4efb309b87436f1 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_check.py:421
                        ref_content = siblings[0].read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcf12636a88b52da Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_check.py:429
                en_path.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e079fa845528d3f Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_check.py:437
            existing = en_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e9a7f1a8dc51e2e Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_check.py:454
                en_path.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dfddcb0db00c0a78 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_check.py:473
                lang_path.write_text(translated)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ccc563a7412d2594 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_versioning.py:181
        text = mdx.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63ffbae295a1cb67 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_versioning.py:184
            mdx.write_text(new_text, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3f7daace44b6c99 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_versioning.py:383
    data = json.loads(docs_json.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87b79764b3fae3d2 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_versioning.py:427
    docs_json.write_text(
        json.dumps(data, indent=2, ensure_ascii=False) + "\n",
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c918dafaecfb8608 Environment-variable access.
repo/scripts/age90_file_input_runner.py:109
    if model.startswith("openai/") and not os.getenv("OPENAI_API_KEY") and not payload_only:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa9f211848908936 Filesystem access.
repo/scripts/docs/freeze_historical_versions.py:154
        text = mdx.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #351797037ad7db5f Filesystem access.
repo/scripts/docs/freeze_historical_versions.py:157
            mdx.write_text(new_text, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcf3dadda947c8fe Filesystem access.
repo/scripts/docs/prefix_version_paths.py:359
    data = json.loads(docs_json.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #610d18d9487c136f Filesystem access.
repo/scripts/docs/prefix_version_paths.py:389
    docs_json.write_text(
        json.dumps(data, indent=2, ensure_ascii=False) + "\n",
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): lib/crewai-tools

python first-party
high pii_flow production #5825e20696526641 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:45 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:27 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:45
        response = requests.request(
            "POST",
            execute_url,
            headers=headers,
            json=action_params,
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #5507fe8524efcb30 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:71 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:69 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:71
        response = requests.request(
            "GET",
            ACTIONS_URL,
            headers=headers,
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #63231d35ef16f1d4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:133 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:129 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:133
            response = requests.get(
                self.search_url, headers=headers, params=payload, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0624f7ee7edc42ba User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:224 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:219 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:224
            response = requests.post(
                self.base_url, json=request_params, headers=headers, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #62888514053ba6b7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:141 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:135 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:141
            response = requests.post(
                self.base_url, json=payload, headers=headers, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #955cb46f30d8e95a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80
                result = requests.post(
                    url, headers=headers, data=config, files=file, timeout=30
                )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d94cd898c472a16c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:89 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:89
                result = requests.get(status_url, headers=headers, timeout=30)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f8485ec0c36cfc6d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:100 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:100
            result = requests.get(
                results_url,
                headers=headers,
                params={"output_types": ",".join(output_types)},
                timeout=30,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ce2dd87a17b1c453 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:49 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:48 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:49
        response = requests.get(url, headers=headers, timeout=30)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1656225ba9a984ff User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:53 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69
            result = requests.post(
                rerank_url, json=payload, headers=headers, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #05e9c8d65052effe User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:70 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:75 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:70
            response = requests.post(
                url=api_url,
                headers=headers,
                json=payload,
                timeout=60,
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ac80e0835560e117 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:47 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:52 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:47
            response = requests.get(
                actions_url,
                headers=headers,
                timeout=30,
                params={"apps": ",".join(self._apps)},
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #21c7f25470f3badf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:104 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:78 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:104
            resp = requests.post(
                self.search_url, json=payload, headers=headers, timeout=request_timeout
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8bf8ddb5d38799f1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:43 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39
            requests.get(
                "https://api.patronus.ai/v1/evaluators",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a6982025891d243b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:66 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62
            requests.get(
                "https://api.patronus.ai/v1/evaluator-criteria",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #687458862128e9a1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:145 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:138 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:145
        response = requests.post(
            self.evaluate_url,
            headers=headers,
            data=json.dumps(data),
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #14022791c3d9a6b2 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:95 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:60 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:95
        response = requests.post(
            self.evaluate_url,
            headers=headers,
            data=json.dumps(data),
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e36faa847fc4d138 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:257 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:251 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:257
            response = requests.post(
                search_url, headers=headers, json=payload, timeout=10
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #677c19e339bce11a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:52 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59
            response = requests.post(
                api_url,
                headers=headers,
                data=payload,
                timeout=30,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 124 low-confidence finding(s)
low env_fs production #ceacf54412c313a5 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/adapters/enterprise_adapter.py:14
    base_url = os.getenv("CREWAI_PLUS_URL", "https://app.crewai.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4872295e40828413 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/adapters/enterprise_adapter.py:419
        token = enterprise_action_token or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8508027e6c2e17d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/adapters/enterprise_adapter.py:419
        token = enterprise_action_token or os.environ.get(
            "CREWAI_ENTERPRISE_TOOLS_TOKEN"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b902cd067500efe8 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/adapters/zapier_adapter.py:62
        self.api_key = api_key or os.getenv("ZAPIER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d5500519eda9259 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:60
        self.agent_id = agent_id or os.getenv("BEDROCK_AGENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67d5d5acad7fb642 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:61
        self.agent_alias_id = agent_alias_id or os.getenv("BEDROCK_AGENT_ALIAS_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc415e0bb30c73c0 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:105
                region_name=os.getenv(
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-west-2")
                ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23f9bafedbcf4200 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:106
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #517213f5cafb99c5 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/knowledge_base/retriever_tool.py:60
        self.knowledge_base_id = knowledge_base_id or os.getenv("BEDROCK_KB_ID")  # type: ignore[assignment]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eca8c00c9d1bd865 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/knowledge_base/retriever_tool.py:196
                region_name=os.getenv(
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-east-1")
                ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #017a855f72e5c0ec Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/bedrock/knowledge_base/retriever_tool.py:197
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2e34afe0a5a9e36 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/reader_tool.py:35
                region_name=os.getenv("CREW_AWS_REGION", "us-east-1"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7e209725ecccae2 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/reader_tool.py:36
                aws_access_key_id=os.getenv("CREW_AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86378b1273404a7f Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/reader_tool.py:37
                aws_secret_access_key=os.getenv("CREW_AWS_SEC_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20830d394289159b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/writer_tool.py:36
                region_name=os.getenv("CREW_AWS_REGION", "us-east-1"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b934ad19851cec62 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/writer_tool.py:37
                aws_access_key_id=os.getenv("CREW_AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ee21ec8715415b7 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/aws/s3/writer_tool.py:38
                aws_secret_access_key=os.getenv("CREW_AWS_SEC_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c250461185073be Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/generate_tool_specs.py:190
        with open(output_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb60511983253163 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/rag/embedding_service.py:108
            return os.getenv(env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c83693f33d3847e Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/rag/loaders/csv_loader.py:29
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #563e7fa35c3deaf0 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/rag/loaders/json_loader.py:28
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31c2589ae5f21836 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/rag/loaders/mdx_loader.py:36
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2990c94dfe573a1 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/rag/loaders/text_loader.py:15
        with open(source_content.source, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81b239bf60c51e5c Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/rag/loaders/xml_loader.py:37
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16bbd047ccf2d54d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/security/safe_path.py:52
    return os.environ.get(_UNSAFE_PATHS_ENV, "").lower() in ("true", "1", "yes")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6227c537fc2ab4bb Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/ai_mind_tool/ai_mind_tool.py:47
        self.api_key = api_key or os.getenv("MINDS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d9dcb48a5c9e4c2 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/apify_actors_tool/apify_actors_tool.py:58
        if not os.environ.get("APIFY_API_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bf9f152e6d03b55 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/base.py:26
    with open(filename, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a99b4577a7b2952b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/base.py:126
        self._api_key = api_key or os.environ.get("BRAVE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd38d8836b858af1 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:55
        if "BRAVE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a240bd9f25b82226 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:129
                "X-Subscription-Token": os.environ["BRAVE_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd67195a3631d867 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:20
            API_URL=os.environ.get("BRIGHTDATA_API_URL", "https://api.brightdata.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eacab4f8bac0ad7d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:21
            DEFAULT_TIMEOUT=int(os.environ.get("BRIGHTDATA_DEFAULT_TIMEOUT", "600")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08d9da490fe18841 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:23
                os.environ.get("BRIGHTDATA_DEFAULT_POLLING_INTERVAL", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ed3fe5eb51c404e Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:481
        api_key = os.getenv("BRIGHT_DATA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ca7cb50f1c11241 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:578
        api_key = os.getenv("BRIGHT_DATA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c492ff698fa30c05 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:18
            API_URL=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4390633f87438566 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:18
            API_URL=os.environ.get(
                "BRIGHTDATA_API_URL", "https://api.brightdata.com/request"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b0d11b51ab2ca59 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:125
        self.api_key = os.getenv("BRIGHT_DATA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee4f25c6c14ac67c Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:126
        self.zone = os.getenv("BRIGHT_DATA_ZONE") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #400bf29245106e9a Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:19
            API_URL=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0215764e71a4a5fb Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:19
            API_URL=os.environ.get(
                "BRIGHTDATA_API_URL", "https://api.brightdata.com/request"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1024923a07117771 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:99
        self.api_key = os.getenv("BRIGHT_DATA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d032514f20d71169 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:100
        self.zone = os.getenv("BRIGHT_DATA_ZONE") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #319bae96cf5c795b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/browserbase_load_tool/browserbase_load_tool.py:16
    api_key: str | None = os.getenv("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9026dcc2d9ee2338 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/browserbase_load_tool/browserbase_load_tool.py:17
    project_id: str | None = os.getenv("BROWSERBASE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2be54e85caacf8b Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_create_agent_tool/contextual_create_agent_tool.py:65
                with open(doc_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9809dc8d642f3778 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:78
            with open(file_path, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e37a3a6b3a1cc5b3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80
                result = requests.post(
                    url, headers=headers, data=config, files=file, timeout=30
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cdcf446e7ec5ae7a Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-tools/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69
            result = requests.post(
                rerank_url, json=payload, headers=headers, timeout=30
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #fb11f19370898d3f Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:75
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3482540a83d6ab77 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:52
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd6d99dd30fbf19b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/misc.py:6
    base_url = os.getenv("CREWAI_PLUS_URL", "https://app.crewai.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32f52bb741b7097f Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/crewai_platform_tools/misc.py:12
    token = os.getenv("CREWAI_PLATFORM_INTEGRATION_TOKEN") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f95f820f352c61d4 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/databricks_query_tool/databricks_query_tool.py:145
        has_profile = "DATABRICKS_CONFIG_PROFILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c822f71df129cb12 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/databricks_query_tool/databricks_query_tool.py:147
            "DATABRICKS_HOST" in os.environ and "DATABRICKS_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #477647641105f115 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/daytona_base_tool.py:35
        default_factory=lambda: os.getenv("DAYTONA_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22ea9f59db0e1abc Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/daytona_base_tool.py:40
        default_factory=lambda: os.getenv("DAYTONA_API_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a8c2d7bc7f33c58 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/daytona_sandbox_tool/daytona_base_tool.py:45
        default_factory=lambda: os.getenv("DAYTONA_TARGET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fef4baa6a943027 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/e2b_sandbox_tool/e2b_base_tool.py:36
            SecretStr(val) if (val := os.getenv("E2B_API_KEY")) else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ca508354194235c Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/e2b_sandbox_tool/e2b_base_tool.py:43
        default_factory=lambda: os.getenv("E2B_DOMAIN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43a3496737788f4c Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/exa_tools/exa_search_tool.py:58
        default_factory=lambda: os.getenv("EXA_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2284a7c01803530b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/exa_tools/exa_search_tool.py:63
        default_factory=lambda: os.getenv("EXA_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55c72a8141e1be56 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/file_read_tool/file_read_tool.py:93
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94f9a45caf8c8f39 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/file_writer_tool/file_writer_tool.py:70
            with open(real_filepath, mode) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5f703e21923e5a0 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/generate_crewai_automation_tool/generate_crewai_automation_tool.py:28
        default_factory=lambda: os.getenv("CREWAI_PLUS_URL", "https://app.crewai.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7eb0a486920efeaf Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/generate_crewai_automation_tool/generate_crewai_automation_tool.py:32
        default_factory=lambda: os.getenv("CREWAI_PERSONAL_ACCESS_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb23571db818d6af Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/hyperbrowser_load_tool/hyperbrowser_load_tool.py:49
        self.api_key = api_key or os.getenv("HYPERBROWSER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec6199bc2c121ebe Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/linkup/linkup_search_tool.py:54
        self._client = LinkupClient(api_key=api_key or os.getenv("LINKUP_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2115e7b589387f28 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/merge_agent_handler_tool/merge_agent_handler_tool.py:65
        api_key = os.environ.get("AGENT_HANDLER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ffd9941b1c6b22b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/mongodb_vector_search_tool/vector_search.py:124
        if "AZURE_OPENAI_ENDPOINT" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a36886d536d9a59 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/mongodb_vector_search_tool/vector_search.py:126
        elif "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4cf1019c8ba34a50 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/multion_tool/example.py:7
os.environ["OPENAI_API_KEY"] = "Your Key"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2a1ecca62eeaab6 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/multion_tool/multion_tool.py:52
        self.multion = MultiOn(api_key=api_key or os.getenv("MULTION_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b16ff2ca39f02e74 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/nl2sql/nl2sql_tool.py:256
        if os.environ.get("CREWAI_NL2SQL_ALLOW_DML", "").strip().lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #100a4addd730539b Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/ocr_tool/ocr_tool.py:104
        with open(image_path, "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fcb5131f43f50d7 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_amazon_product_scraper_tool/oxylabs_amazon_product_scraper_tool.py:146
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1013cb81794d80af Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_amazon_product_scraper_tool/oxylabs_amazon_product_scraper_tool.py:147
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e962f46434adbc9 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_amazon_search_scraper_tool/oxylabs_amazon_search_scraper_tool.py:148
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52b6d96dff0bf0a3 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_amazon_search_scraper_tool/oxylabs_amazon_search_scraper_tool.py:149
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c147a97175d98eb1 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_google_search_scraper_tool/oxylabs_google_search_scraper_tool.py:151
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2715d7fd0ef83752 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_google_search_scraper_tool/oxylabs_google_search_scraper_tool.py:152
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d98b54beb677dc Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_universal_scraper_tool/oxylabs_universal_scraper_tool.py:142
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bca1321167c4ba1 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/oxylabs_universal_scraper_tool/oxylabs_universal_scraper_tool.py:143
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e2a58fcffaf2f26 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:78
        api_key = os.environ.get("PARALLEL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #933f67a6d122fa8f Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39
            requests.get(
                "https://api.patronus.ai/v1/evaluators",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #70d9f54ce6eb776a Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:43
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #321434952ffcd8f7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62
            requests.get(
                "https://api.patronus.ai/v1/evaluator-criteria",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #30e4e5bcdc8f8b76 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:66
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ec766e49cf0fc71 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:138
        api_key = os.getenv("PATRONUS_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31dd2abfd0fd0c17 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:60
        api_key = os.getenv("PATRONUS_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8216870ab5ce0ee Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/qdrant_vector_search_tool/qdrant_search_tool.py:113
                    .Client(api_key=os.getenv("OPENAI_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c73b75646e1b02bd Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/scrape_element_from_website/scrape_element_from_website.py:68
                self.cookies = {cookies["name"]: os.getenv(cookies["value"]) or ""}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe9931b4713d1360 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/scrape_website_tool/scrape_website_tool.py:67
                self.cookies = {cookies["name"]: os.getenv(cookies["value"]) or ""}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea68a1c158e307bf Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/scrapegraph_scrape_tool/scrapegraph_scrape_tool.py:113
        self.api_key = api_key or os.getenv("SCRAPEGRAPH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac57ba346fda2326 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/scrapfly_scrape_website_tool/scrapfly_scrape_website_tool.py:66
        self.scrapfly = ScrapflyClient(key=api_key or os.getenv("SCRAPFLY_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a549749bd0b5930 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serpapi_tool/serpapi_base_tool.py:44
        api_key = os.getenv("SERPAPI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eab78dcc9b4d86f5 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:94
        with open(filename, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d0cbee19b74fa1e Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:251
            "X-API-KEY": os.environ["SERPER_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a7b067cb9c762a1 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:52
            api_key = os.getenv("SERPER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #65c1951995167d4e Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-tools/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59
            response = requests.post(
                api_url,
                headers=headers,
                data=payload,
                timeout=30,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #d459d10b2cf561ff Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_job_search_tool.py:47
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b00f5191c59533cf Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_news_search_tool.py:47
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #140304fa7ef6ded2 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_scholar_search_tool.py:51
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f623a733adba574 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_web_search_tool.py:67
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3fec4f130b20b4e Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/serply_api_tool/serply_webpage_to_markdown_tool.py:31
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d114ae2c15587065 Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/snowflake_search_tool/snowflake_search_tool.py:188
            with open(self.config.private_key_path, "rb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc2d86080a71f1c9 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/example.py:34
browserbase_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2761717120df01e Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/example.py:35
browserbase_project_id = os.environ.get("BROWSERBASE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bea2d30286404c9d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/example.py:36
model_api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7bb0efdd5937161 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:208
        self.api_key = api_key or os.getenv("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b7018ab3bb3607c Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:209
        self.project_id = project_id or os.getenv("BROWSERBASE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c09603237855b03c Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:263
            return self.model_api_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #059aad7145b40b4d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:265
            return self.model_api_key or os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #423db14aa38c6e48 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:267
            return self.model_api_key or os.getenv("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27442dedf49f4c06 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:271
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48fd961b342335d0 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:272
            or os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0eea50fdba65080d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/tavily_extractor_tool/tavily_extractor_tool.py:62
        default_factory=lambda: os.getenv("TAVILY_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9117f38dceb3885b Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/tavily_get_research_tool/tavily_get_research_tool.py:56
            api_key = os.getenv("TAVILY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e29ac30fa89abc1d Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/tavily_research_tool/tavily_research_tool.py:92
            api_key = os.getenv("TAVILY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #762379f88b7418be Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/tavily_search_tool/tavily_search_tool.py:61
        default_factory=lambda: os.getenv("TAVILY_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d7ebad50a0b5c7f Filesystem access.
repo/lib/crewai-tools/src/crewai_tools/tools/vision_tool/vision_tool.py:140
        with open(image_path, "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #582cdc98ae868b62 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/weaviate_tool/vector_search.py:89
            openai_api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c91e730b291ba3a4 Environment-variable access.
repo/lib/crewai-tools/src/crewai_tools/tools/zapier_action_tool/zapier_action_tool.py:23
        zapier_api_key = os.getenv("ZAPIER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): lib/crewai

python first-party
high pii_flow production #e594286682d95ced User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:256 · flow /tmp/closeopen-4a0hfpp6/repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:256 → /tmp/closeopen-4a0hfpp6/repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:256
        client.auth = DigestAuth(self.username, self.password)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #f806f87a40f903ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/crew.py:21
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d6e6f25fb4646966 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/crew.py:22
from opentelemetry.context import attach, detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dbd66c1fc2790829 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/crew.py:42
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a5565a7df7c20675 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/crews/utils.py:9
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b19ff6bbd623e528 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/flow/runtime/__init__.py:35
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #52f018ae381a650a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/flow/runtime/__init__.py:36
from opentelemetry.context import attach, detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #552a7207a7be1201 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:23
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4112ddc10e429462 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:24
from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
    OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #21b420290be173cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:27
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5f50d401789a0020 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:28
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ed174a2fe033aa7e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:29
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    SpanExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1a2768934f45d108 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:33
from opentelemetry.trace import ProxyTracerProvider, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4d07a9f371d3d35c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/telemetry/utils.py:11
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1da756d6df681aff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai/src/crewai/utilities/crew/crew_context.py:5
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 108 low-confidence finding(s)
low env_fs production #495aa5bf573aaa8f Filesystem access.
repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:112
            root_certs = Path(self.ca_cert_path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56a7fbe58b731020 Filesystem access.
repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:115
            private_key = Path(self.client_key_path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2354d9c90d758002 Filesystem access.
repo/lib/crewai/src/crewai/a2a/auth/client_schemes.py:116
            certificate_chain = Path(self.client_cert_path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7214412dcdda59a9 Environment-variable access.
repo/lib/crewai/src/crewai/a2a/auth/server_schemes.py:151
        return os.environ.get("AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ff76122e9ec828e Filesystem access.
repo/lib/crewai/src/crewai/a2a/config.py:130
            return Path(self.private_key_path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bdb198e95577f74 Environment-variable access.
repo/lib/crewai/src/crewai/a2a/utils/task.py:102
_redis_url = os.environ.get("REDIS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #491e0645b176b461 Environment-variable access.
repo/lib/crewai/src/crewai/agent/core.py:1209
            else os.getenv(CREWAI_TRAINED_AGENTS_FILE_ENV, TRAINED_AGENTS_DATA_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95b1a431315eb65c Environment-variable access.
repo/lib/crewai/src/crewai/context.py:47
        token = os.getenv("CREWAI_PLATFORM_INTEGRATION_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e18dade2bffd7680 Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/trace_listener.py:194
            "user_id": os.getenv("CREWAI_USER_ID", "anonymous"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0620168c0b5a9c27 Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/trace_listener.py:195
            "organization_id": os.getenv("CREWAI_ORG_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dabe0aca2339c58e Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:128
    env_value = os.getenv("CREWAI_TRACING_ENABLED", "").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7996d9921ac203d Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:188
    return os.environ.get("CREWAI_TESTING", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb096f0fc5f980e7 Filesystem access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:297
                content = path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #751fc75b6f9ff3bc Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:341
            container_id = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b6926b7ee514b6a Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:341
            container_id = os.environ.get(
                "HOSTNAME", os.environ.get("CONTAINER_ID", "")
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42eda971e780c4cf Environment-variable access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:342
                "HOSTNAME", os.environ.get("CONTAINER_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c29ef627999329e Filesystem access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:380
        p.write_text(json.dumps(data, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b883c2f93ae1d047 Filesystem access.
repo/lib/crewai/src/crewai/events/listeners/tracing/utils.py:412
        p.write_text(json.dumps(data, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f5cd7d3447ccc4e Environment-variable access.
repo/lib/crewai/src/crewai/events/utils/console_formatter.py:70
        if os.getenv("CI", "").lower() in ("true", "1"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12895cccea628541 Environment-variable access.
repo/lib/crewai/src/crewai/events/utils/console_formatter.py:73
        if os.getenv("CREWAI_DISABLE_VERSION_CHECK", "").lower() in ("true", "1"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94479cf6eb2949a1 Filesystem access.
repo/lib/crewai/src/crewai/experimental/evaluation/experiment/result.py:42
            with open(filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0a6915a1617c5f9 Filesystem access.
repo/lib/crewai/src/crewai/experimental/evaluation/experiment/result.py:58
                with open(baseline_filepath, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00ea8669d201c8cc Filesystem access.
repo/lib/crewai/src/crewai/experimental/evaluation/experiment/result.py:73
                with open(baseline_filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #436370b27e6eccc1 Filesystem access.
repo/lib/crewai/src/crewai/experimental/evaluation/experiment/result.py:91
            with open(baseline_filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b29edf48ebe582c0 Environment-variable access.
repo/lib/crewai/src/crewai/experimental/skills/_flag.py:16
    return os.environ.get(ENV_VAR) == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13142fe8aa15c4d5 Filesystem access.
repo/lib/crewai/src/crewai/experimental/skills/cache.py:91
        (skill_dir / _META_FILENAME).write_text(json.dumps(meta, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #922b91b05b228871 Filesystem access.
repo/lib/crewai/src/crewai/experimental/skills/cache.py:106
                        results.append(json.loads(meta_file.read_text()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ea358b333a2a94c Environment-variable access.
repo/lib/crewai/src/crewai/experimental/skills/registry.py:76
        os.environ.get("CI") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae068cf415393d24 Environment-variable access.
repo/lib/crewai/src/crewai/experimental/skills/registry.py:77
        or os.environ.get("CREWAI_NONINTERACTIVE") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3be559b20159e6be Filesystem access.
repo/lib/crewai/src/crewai/flow/flow_definition.py:824
            contents = source_path.expanduser().read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d25c793d05821cf7 Environment-variable access.
repo/lib/crewai/src/crewai/flow/runtime/_actions.py:238
        raw = os.environ.get(_ALLOW_SCRIPT_EXECUTION_ENV_VAR, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #108ad9ee9b35eb4f Filesystem access.
repo/lib/crewai/src/crewai/flow/skill.py:90
    example_yaml = (_TEMPLATES_DIR / "flow_definition_example.yaml").read_text(
        encoding="utf-8"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6447023d4043d4e1 Filesystem access.
repo/lib/crewai/src/crewai/flow/visualization/renderers/interactive.py:414
    css_content = css_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #025b540e563bdc25 Filesystem access.
repo/lib/crewai/src/crewai/flow/visualization/renderers/interactive.py:421
    css_output_path.write_text(css_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc368e01856a21f8 Filesystem access.
repo/lib/crewai/src/crewai/flow/visualization/renderers/interactive.py:424
    js_content = js_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #629344e5d3345df0 Filesystem access.
repo/lib/crewai/src/crewai/flow/visualization/renderers/interactive.py:438
    js_output_path.write_text(js_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #451d8f7421a50937 Filesystem access.
repo/lib/crewai/src/crewai/flow/visualization/renderers/interactive.py:461
    output_path.write_text(html_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb505d743cdcd4b8 Environment-variable access.
repo/lib/crewai/src/crewai/knowledge/knowledge.py:66
os.environ["TOKENIZERS_PARALLELISM"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee0d692cfb1c8457 Filesystem access.
repo/lib/crewai/src/crewai/knowledge/source/csv_knowledge_source.py:17
            with open(file_path, "r", encoding="utf-8") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ef328e8e176fa2f Filesystem access.
repo/lib/crewai/src/crewai/knowledge/source/json_knowledge_source.py:18
            with open(path, "r", encoding="utf-8") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce7300dbf60c88c0 Filesystem access.
repo/lib/crewai/src/crewai/knowledge/source/text_file_knowledge_source.py:17
            with open(path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55b2636356966ea4 Environment-variable access.
repo/lib/crewai/src/crewai/llm.py:2484
            success_callbacks_str = os.environ.get("LITELLM_SUCCESS_CALLBACKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b75724bfcc5dbe3a Environment-variable access.
repo/lib/crewai/src/crewai/llm.py:2491
            failure_callbacks_str = os.environ.get("LITELLM_FAILURE_CALLBACKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14f635783b04f349 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/anthropic/completion.py:256
            self.api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64ebf43e4e03c737 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:122
        data["api_key"] = data.get("api_key") or os.getenv("AZURE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4cb7ff6147f81cb Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:125
            or os.getenv("AZURE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a0c44a7b6f9b76f Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:126
            or os.getenv("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db8543b65cba5b12 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:127
            or os.getenv("AZURE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c31a3f5cac34e1a Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:130
            data.get("api_version") or os.getenv("AZURE_API_VERSION") or "2024-06-01"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a6f84c5dd3badeb Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:164
        raw = os.getenv("AZURE_CREDENTIAL_SCOPES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78660b7ff89e02ef Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:271
            self.api_key = os.getenv("AZURE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #110b72c3d11297f8 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:274
                os.getenv("AZURE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2373c479d0057ede Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:275
                or os.getenv("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #100c20f384434b26 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/azure/completion.py:276
                or os.getenv("AZURE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6e4eec6f3ecb759 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/bedrock/completion.py:275
        data["aws_access_key_id"] = data.get("aws_access_key_id") or os.getenv(
            "AWS_ACCESS_KEY_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7dd8fc4bd273c415 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/bedrock/completion.py:278
        data["aws_secret_access_key"] = data.get("aws_secret_access_key") or os.getenv(
            "AWS_SECRET_ACCESS_KEY"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0bf1e8862f723fd Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/bedrock/completion.py:281
        data["aws_session_token"] = data.get("aws_session_token") or os.getenv(
            "AWS_SESSION_TOKEN"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42aec77524c5e4e2 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/bedrock/completion.py:286
            or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12172adb5f16dee4 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/bedrock/completion.py:287
            or os.getenv("AWS_REGION_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8489bda0c41500e2 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:84
            or os.getenv("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10f0450ca87c1284 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:85
            or os.getenv("GEMINI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #930a6f4942600f1b Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:87
        data["project"] = data.get("project") or os.getenv("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f0ac17bb5d234af Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:89
            data.get("location") or os.getenv("GOOGLE_CLOUD_LOCATION") or "us-central1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6ff7e9d70ce44ad Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:94
            use_vx = os.getenv("GOOGLE_GENAI_USE_VERTEXAI", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46d5b3c186505f37 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:133
                self.api_key = os.getenv("GOOGLE_API_KEY") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3603439831f92f6b Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:133
                self.api_key = os.getenv("GOOGLE_API_KEY") or os.getenv(
                    "GEMINI_API_KEY"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #236ac3a6a0053998 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/gemini/completion.py:137
                self.project = os.getenv("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #827787def14eba7d Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/openai/completion.py:250
        data["api_key"] = data.get("api_key") or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc8d56f24e63fe8f Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/openai/completion.py:364
            self.api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf0a984b48c04822 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/openai/completion.py:374
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa16106320211e77 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/openai_compatible/completion.py:189
        env_key = os.getenv(config.api_key_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #562455afc37bb7a1 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/openai_compatible/completion.py:220
            env_value = os.getenv(config.base_url_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f11e3630cd4a34a8 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/snowflake/completion.py:93
                token = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #676cdafa697ed392 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/snowflake/completion.py:114
        account_url = data.get("account_url") or os.getenv("SNOWFLAKE_ACCOUNT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f931c679cedcf64 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/snowflake/completion.py:122
            or os.getenv("SNOWFLAKE_ACCOUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca0dd4c2ba9bfcdd Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/snowflake/completion.py:123
            or os.getenv("SNOWFLAKE_ACCOUNT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b00276161b785934 Environment-variable access.
repo/lib/crewai/src/crewai/llms/providers/snowflake/completion.py:124
            or os.getenv("SNOWFLAKE_ACCOUNT_IDENTIFIER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ee782692805e4bf Environment-variable access.
repo/lib/crewai/src/crewai/memory/storage/lancedb_storage.py:68
            storage_dir = os.environ.get("CREWAI_STORAGE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a711227783aaa6d5 Environment-variable access.
repo/lib/crewai/src/crewai/memory/storage/qdrant_edge_storage.py:104
            storage_dir = os.environ.get("CREWAI_STORAGE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5383737a1e8dbef8 Filesystem access.
repo/lib/crewai/src/crewai/project/crew_base.py:391
        with open(config_path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e888e6a7b475ea0f Filesystem access.
repo/lib/crewai/src/crewai/project/json_loader.py:209
    return parse_jsonc(path.read_text(encoding="utf-8"), source=path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9245cd91a092319 Environment-variable access.
repo/lib/crewai/src/crewai/rag/chromadb/config.py:61
            api_key=os.getenv("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #084945038ec70f99 Filesystem access.
repo/lib/crewai/src/crewai/skills/parser.py:89
    content = path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e3cacb9073b705b Filesystem access.
repo/lib/crewai/src/crewai/state/provider/json_provider.py:66
        with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e25c98c9363d899 Filesystem access.
repo/lib/crewai/src/crewai/state/provider/json_provider.py:132
        return Path(location).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #238126c7a7db309b Filesystem access.
repo/lib/crewai/src/crewai/state/provider/utils.py:29
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4258faf24443a66 Environment-variable access.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:151
            os.getenv("OTEL_SDK_DISABLED", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c034940c9fc110c7 Environment-variable access.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:152
            or os.getenv("CREWAI_DISABLE_TELEMETRY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cec786b08dff1361 Environment-variable access.
repo/lib/crewai/src/crewai/telemetry/telemetry.py:153
            or os.getenv("CREWAI_DISABLE_TRACKING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e994df140753b6d Environment-variable access.
repo/lib/crewai/src/crewai/types/callback.py:27
    raw = os.environ.get("CREWAI_DESERIALIZE_CALLBACKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07774732d06ba99c Environment-variable access.
repo/lib/crewai/src/crewai/utilities/env.py:20
    return any(os.environ.get(var) for var in CODEX_ENV_VARS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44a3cff14b838bd4 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/env.py:24
    return any(os.environ.get(var) for var in CURSOR_ENV_VARS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd66411f2600eda4 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/env.py:32
    if os.environ.get(CC_ENV_VAR):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #273e9ba0d11df8e3 Filesystem access.
repo/lib/crewai/src/crewai/utilities/file_handler.py:94
                        with open(self._path, encoding="utf-8") as read_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c55c73d017f206ba Filesystem access.
repo/lib/crewai/src/crewai/utilities/file_handler.py:100
                    with open(self._path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceae54e4fd98f4cc Filesystem access.
repo/lib/crewai/src/crewai/utilities/file_handler.py:112
                    with open(self._path, "a", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #977077a80322d769 Filesystem access.
repo/lib/crewai/src/crewai/utilities/file_handler.py:151
            with open(self.file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc877605ecddaab4 Filesystem access.
repo/lib/crewai/src/crewai/utilities/file_handler.py:165
                with open(self.file_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7ac0914566f3b65 Filesystem access.
repo/lib/crewai/src/crewai/utilities/i18n.py:38
                with open(self.prompt_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5199a16edcd168a0 Filesystem access.
repo/lib/crewai/src/crewai/utilities/i18n.py:44
                with open(prompts_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd222e151411b60f Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:104
        os.environ.get("MODEL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a31efbc722da6dc Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:105
        or os.environ.get("MODEL_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17c93c10ed0a4c74 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:106
        or os.environ.get("OPENAI_MODEL_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5688130d2ee9d66 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:130
        os.environ.get("BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b86c50cdcd3f6df Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:131
        or os.environ.get("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #684444bd022104b4 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:132
        or os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ac9a692dae4f227 Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:135
    api_base = os.environ.get("API_BASE") or os.environ.get("AZURE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96b68c829dca78ae Environment-variable access.
repo/lib/crewai/src/crewai/utilities/llm_utils.py:178
                    env_value = os.environ.get(key_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): lib/cli

python first-party
high pii_flow production #3d427a8a07f4a80d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/cli/src/crewai_cli/model_catalog.py:551 · flow /tmp/closeopen-4a0hfpp6/repo/lib/cli/src/crewai_cli/model_catalog.py:550 → /tmp/closeopen-4a0hfpp6/repo/lib/cli/src/crewai_cli/model_catalog.py:551
    response = httpx.get(
        url,
        headers=headers,
        params=params,
        timeout=_TIMEOUT,
        verify=ssl_config,
        follow_redirects=True,
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 73 low-confidence finding(s)
low env_fs production #be4a684ed8debfef Filesystem access.
repo/lib/cli/src/crewai_cli/checkpoint_cli.py:85
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #034b99215201d217 Filesystem access.
repo/lib/cli/src/crewai_cli/checkpoint_cli.py:233
            with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #904d0772a20939dd Filesystem access.
repo/lib/cli/src/crewai_cli/checkpoint_cli.py:254
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9786c2952fab1b9 Filesystem access.
repo/lib/cli/src/crewai_cli/checkpoint_cli.py:265
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73c594003bc7341f Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:694
    if os.environ.get("CREWAI_EXPERIMENTAL") != "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e68de405d197df32 Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:956
    crewai_tracing = os.getenv("CREWAI_TRACING_ENABLED", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23d93a9d9aa7434e Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:970
    crewai_testing = os.getenv("CREWAI_TESTING", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c242be6154011cc4 Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:974
    crewai_user_id = os.getenv("CREWAI_USER_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce73572d3d22aebc Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:978
    crewai_org_id = os.getenv("CREWAI_ORG_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a55344b861761d9 Environment-variable access.
repo/lib/cli/src/crewai_cli/cli.py:1072
    env_enabled = os.getenv("CREWAI_TRACING_ENABLED", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05ba2d25c2a75926 Filesystem access.
repo/lib/cli/src/crewai_cli/create_crew.py:32
    with open(template_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7382f007880466bb Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:47
    with open(project_root / ".env", "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd9621e8674c7ff3 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:70
            with open(src_file, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a1cbc753d25deb2 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:83
        with open(dst_file, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4139b2d710afef1 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:142
        content = src_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #937edce5b0ccae17 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:149
        dst_file.write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #628fa043d333017d Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:151
    (project_root / ".env").write_text("OPENAI_API_KEY=YOUR_API_KEY", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e6221b6e7575433 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:152
    (package_root / "__init__.py").write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79c9b7b301ab7ce6 Filesystem access.
repo/lib/cli/src/crewai_cli/create_flow.py:154
        (package_root / folder / ".gitkeep").write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e04752847ea3ddb Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:830
    path.write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e558101db5809078 Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:932
    (folder_path / "pyproject.toml").write_text(
        _render_json_crew_template(
            "pyproject.toml",
            {
                "folder_name": folder_name,
                "name": name,
                "crewai_tools_dependency": get_crewai_tools_dependency(),
            },
        ),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25d1ba887e0a0b36 Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:945
    (folder_path / ".gitignore").write_text(
        _render_json_crew_template(".gitignore"),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #620fcada4a1782bb Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:951
    (folder_path / "README.md").write_text(
        _render_json_crew_template("README.md", {"name": name}),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05d8f773af4d7344 Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:957
    (folder_path / "knowledge" / "user_preference.txt").write_text(
        _render_json_crew_template("knowledge/user_preference.txt"),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9677d5fffe530ca1 Filesystem access.
repo/lib/cli/src/crewai_cli/create_json_crew.py:963
    (folder_path / "skills" / ".gitkeep").write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a8950752c5785c4 Filesystem access.
repo/lib/cli/src/crewai_cli/crew_run_tui.py:67
            content = env_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29004016189042d1 Filesystem access.
repo/lib/cli/src/crewai_cli/crew_run_tui.py:71
            env_file.write_text(f"{content}{sep}{key}=true\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cef6f52dd1f0b27 Filesystem access.
repo/lib/cli/src/crewai_cli/crew_run_tui.py:73
            env_file.write_text(f"{key}=true\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f44417418689212 Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:286
            referenced.update(pattern.findall(crew_path.read_text(errors="ignore")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cdbede4a544463c Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:296
                    pattern.findall(agent_path.read_text(errors="ignore"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b347cfdfceb42698 Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:305
                text = py_path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58003f2ffb926b5e Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:321
            for line in env_file.read_text(errors="ignore").splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6757110b71c97069 Environment-variable access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:332
            and var not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92319b5e2f6cd8a9 Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:873
                text = path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a594c6653735904 Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:880
                text = path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbf1f97d5a8d49df Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:888
            for line in env_file.read_text(errors="ignore").splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b4553fcafe98fba Environment-variable access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:899
            and var not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b078e4cb93f9dbe Filesystem access.
repo/lib/cli/src/crewai_cli/deploy/validate.py:931
            text = lockfile.read_text(errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4317a5e62aefe311 Filesystem access.
repo/lib/cli/src/crewai_cli/experimental/skills/main.py:66
        skill_md.write_text(_SKILL_MD_TEMPLATE.format(name=name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #875506992d7d850d Filesystem access.
repo/lib/cli/src/crewai_cli/experimental/skills/main.py:173
                (cache_dir / ".crewai_meta.json").write_text(json.dumps(meta, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #190309c7f0b5843b Filesystem access.
repo/lib/cli/src/crewai_cli/experimental/skills/main.py:189
            frontmatter = self._parse_frontmatter(skill_md.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc38d6314942e97b Filesystem access.
repo/lib/cli/src/crewai_cli/experimental/skills/main.py:280
                            meta = json.loads(meta_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f76efc26a9da48a5 Filesystem access.
repo/lib/cli/src/crewai_cli/experimental/skills/main.py:371
            fm = self._parse_frontmatter(skill_md.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a03481628f7c3d26 Filesystem access.
repo/lib/cli/src/crewai_cli/git.py:166
        existing = exclude_file.read_text() if exclude_file.exists() else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ab5706815527c28 Filesystem access.
repo/lib/cli/src/crewai_cli/git.py:178
        exclude_file.write_text(
            f"{existing}{prefix}# CrewAI deploy auto-commit excludes\n{patterns}\n"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6f80f39c7a7a6da Environment-variable access.
repo/lib/cli/src/crewai_cli/model_catalog.py:79
        value = os.environ.get(env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ba7a4d0b2bd4c69 Environment-variable access.
repo/lib/cli/src/crewai_cli/model_catalog.py:302
        os.environ.get("OLLAMA_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e6b3e04393d1850 Environment-variable access.
repo/lib/cli/src/crewai_cli/model_catalog.py:303
        or os.environ.get("API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c9d73170139d8f6 Environment-variable access.
repo/lib/cli/src/crewai_cli/model_catalog.py:304
        or os.environ.get("OLLAMA_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83fc5cb3be7344ea Filesystem access.
repo/lib/cli/src/crewai_cli/model_catalog.py:414
        cache_file.write_text(json.dumps(data), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6699d604a5d5d74 Environment-variable access.
repo/lib/cli/src/crewai_cli/model_catalog.py:550
    ssl_config = os.environ.get("SSL_CERT_FILE") or certifi.where()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #792dd7f5580a37a3 Filesystem access.
repo/lib/cli/src/crewai_cli/model_catalog.py:585
        data: dict[str, Any] = json.loads(path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3318fa773a39cc4 Filesystem access.
repo/lib/cli/src/crewai_cli/model_catalog.py:673
        cache_file.write_text(json.dumps(payload), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d98f951471658677 Filesystem access.
repo/lib/cli/src/crewai_cli/provider.py:149
        with open(cache_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #047ea4c147b37ea1 Environment-variable access.
repo/lib/cli/src/crewai_cli/provider.py:165
    ssl_config = os.environ["SSL_CERT_FILE"] = certifi.where()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b43f858e229fba40 Filesystem access.
repo/lib/cli/src/crewai_cli/provider.py:171
            with open(cache_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ed44e5389a720f70 Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/cli/src/crewai_cli/remote_template/main.py:166
                response = httpx.get(url, params=params, timeout=15)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #492e1b3d29e3f16b Filesystem access.
repo/lib/cli/src/crewai_cli/remote_template/main.py:249
                    with zf.open(member) as src, open(target, "wb") as dst:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4d0898025027360 Environment-variable access.
repo/lib/cli/src/crewai_cli/run_crew.py:321
        os.environ[CREWAI_TRAINED_AGENTS_FILE_ENV] = trained_agents_file

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b28ac80c0addadb4 Environment-variable access.
repo/lib/cli/src/crewai_cli/run_declarative_flow.py:319
    return os.environ.get("UV_RUN_RECURSION_DEPTH") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #380d6b39a71abc90 Environment-variable access.
repo/lib/cli/src/crewai_cli/settings/main.py:45
        env_tracing = os.getenv("CREWAI_TRACING_ENABLED", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4134f413e86ed951 Filesystem access.
repo/lib/cli/src/crewai_cli/templates/flow/main.py:49
        with open(output_dir / "post.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d3ace7a9030363f Environment-variable access.
repo/lib/cli/src/crewai_cli/tools/main.py:147
        build_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22204fdced87b2bb Filesystem access.
repo/lib/cli/src/crewai_cli/tools/main.py:180
            with open(tarball_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c5be3217504dbca Filesystem access.
repo/lib/cli/src/crewai_cli/update_crew.py:96
    with open(output_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ee9e18e5e0f53ca Environment-variable access.
repo/lib/cli/src/crewai_cli/utils.py:53
    value = os.environ.get("CREWAI_DMN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c36d91c4d7c3a844 Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:86
    with open(dst, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a80bd92abab57d88 Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:94
    content = src.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25ea633aaf1d2cd2 Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:104
        with open(env_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11ccd73dd2b09cce Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:142
            with open(filepath, "r", encoding="utf-8", errors="ignore") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb00be3845b40435 Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:144
            with open(filepath, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef2ebe2e5f3233df Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:165
        with open(env_file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f1e23954994c290 Filesystem access.
repo/lib/cli/src/crewai_cli/utils.py:176
    with open(env_file_path, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): lib/crewai-core

python first-party
medium telemetry production #7811a1f185852ce7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:22
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #11dbf06c0e798af7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:23
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c473f72303ef9bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:24
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #44dd52f19d35838b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:25
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #73895f94df1dfa6f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:26
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    SpanExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #80b498cebee606b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/lib/crewai-core/src/crewai_core/telemetry.py:30
from opentelemetry.trace import ProxyTracerProvider, Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 21 low-confidence finding(s)
low env_fs production #3dd225f8b8a911b0 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/lock_store.py:33
_REDIS_URL: str | None = os.environ.get("REDIS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #083cce6246524964 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/paths.py:13
    return os.environ.get("CREWAI_STORAGE_DIR", Path.cwd().name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #334f0013774a85f3 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/plus_api.py:168
            os.getenv("CREWAI_PLUS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d97393e5043768a Filesystem access.
repo/lib/crewai-core/src/crewai_core/project.py:26
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bfbe0e09c440ddf Filesystem access.
repo/lib/crewai-core/src/crewai_core/project.py:163
        with open(pyproject_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa326b3657d248a8 Filesystem access.
repo/lib/crewai-core/src/crewai_core/settings.py:97
                test_file.write_text("test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e9ce69fb524f205 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/telemetry.py:125
            os.getenv("OTEL_SDK_DISABLED", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f97a1a5dba956ea5 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/telemetry.py:126
            or os.getenv("CREWAI_DISABLE_TELEMETRY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9aed1496ec518461 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/telemetry.py:127
            or os.getenv("CREWAI_DISABLE_TRACKING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77658538f757ddf3 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/token_manager.py:88
            base_path = os.environ.get("LOCALAPPDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #897b58a1d4532985 Filesystem access.
repo/lib/crewai-core/src/crewai_core/token_manager.py:150
            with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ad9ca28d72009d3 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/tool_credentials.py:24
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8703a37cfaa4f58d Environment-variable access.
repo/lib/crewai-core/src/crewai_core/tool_credentials.py:42
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5c4bb0e7b699bda Filesystem access.
repo/lib/crewai-core/src/crewai_core/user_data.py:39
            return cast(dict[str, Any], json.loads(p.read_text()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c7d39c78a765081 Filesystem access.
repo/lib/crewai-core/src/crewai_core/user_data.py:49
        p.write_text(json.dumps(data, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d0386b2a680a8a0 Environment-variable access.
repo/lib/crewai-core/src/crewai_core/user_data.py:86
    if os.getenv("CREWAI_TRACING_ENABLED", "false").lower() in ("true", "1"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6664fa2905d3f9b Filesystem access.
repo/lib/crewai-core/src/crewai_core/version.py:117
            cache_data = json.loads(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #354e27ac1b86d151 Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/crewai-core/src/crewai_core/version.py:125
        with request.urlopen(
            "https://pypi.org/pypi/crewai/json", timeout=timeout
        ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b2299d799467088b Filesystem access.
repo/lib/crewai-core/src/crewai_core/version.py:142
            cache_file.write_text(json.dumps(cache_data))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56f27e3e04fab4a3 Filesystem access.
repo/lib/crewai-core/src/crewai_core/version.py:154
            cache_data = json.loads(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcb7bbaba4a2b75f Filesystem access.
repo/lib/crewai-core/src/crewai_core/version.py:168
        cache_data = json.loads(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): lib/crewai-files

python first-party
expand_more 16 low-confidence finding(s)
low env_fs production #2f4555d609d20c80 Filesystem access.
repo/lib/crewai-files/src/crewai_files/core/sources.py:263
            self._content = self.path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c500fd3eee95488a Filesystem access.
repo/lib/crewai-files/src/crewai_files/core/sources.py:282
        with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5697c05cfc2622c Environment-variable access.
repo/lib/crewai-files/src/crewai_files/formatting/api.py:294
        s3_bucket = os.environ.get("CREWAI_BEDROCK_S3_BUCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2405d157fbe1d981 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/formatting/api.py:333
        s3_bucket_owner = os.environ.get("CREWAI_BEDROCK_S3_BUCKET_OWNER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #411a7aa7097b9beb Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/anthropic.py:39
        self._api_key = api_key or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95e9319f735548f7 Filesystem access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:94
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52e126e94ead104c Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:128
        self._bucket_name = bucket_name or os.environ.get("CREWAI_BEDROCK_S3_BUCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d2fa1f4f3eefe25 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:129
        self._bucket_owner = bucket_owner or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baa369128cd4baf7 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:129
        self._bucket_owner = bucket_owner or os.environ.get(
            "CREWAI_BEDROCK_S3_BUCKET_OWNER"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7a28671e0097ffe Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:133
        self._region = region or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a046a79828e9b1f7 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:133
        self._region = region or os.environ.get(
            "AWS_REGION", os.environ.get("AWS_DEFAULT_REGION")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69e7b8c0691be7a6 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:134
            "AWS_REGION", os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d95e549493db66c4 Filesystem access.
repo/lib/crewai-files/src/crewai_files/uploaders/bedrock.py:269
                with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c75f440ceebc4912 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/factory.py:192
            not os.environ.get("CREWAI_BEDROCK_S3_BUCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad99358ea6a0551d Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/gemini.py:108
        self._api_key = api_key or os.environ.get("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbcc12ec1aa9cc17 Environment-variable access.
repo/lib/crewai-files/src/crewai_files/uploaders/openai.py:136
        self._api_key = api_key or os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): lib/devtools

python first-party
expand_more 33 low-confidence finding(s)
low env_fs production #915d62c638bb8875 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:287
    content = file_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7189eb57f8675cf7 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:298
        file_path.write_text("\n".join(lines) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8305543c4e072f0c Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:317
    doc = tomlkit.parse(file_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a6fad3dc00faf4 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:326
    file_path.write_text(tomlkit.dumps(doc))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c34870ed1ec64108 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:358
    content = file_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #988d472f895380f1 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:391
        file_path.write_text("\n".join(lines) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f5cf13ae6a3fdd7 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:591
    content = changelog_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddfafef65b6e9014 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:608
    changelog_path.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57f5a1e430637826 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:668
        content = pyproject.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40f51f74750a46e9 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:671
            pyproject.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e1a999034215eb4 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:689
        if "__version__" in init_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f96a30fdbc9d315b Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1016
            openai_client = OpenAI(api_key=os.getenv("OPENAI_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d3facc6791b6905 Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1264
_ENTERPRISE_REPO: Final[str | None] = os.getenv("ENTERPRISE_REPO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1755971d74fb75f Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1266
    d.strip() for d in os.getenv("ENTERPRISE_VERSION_DIRS", "").split(",") if d.strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2c34ebc6e463e0c Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1268
_ENTERPRISE_CREWAI_DEP_PATH: Final[str | None] = os.getenv("ENTERPRISE_CREWAI_DEP_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c750c1862adfbe04 Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1271
    for p in os.getenv("ENTERPRISE_EXTRA_PACKAGES", "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79c367605b418e0a Environment-variable access.
repo/lib/devtools/src/crewai_devtools/cli.py:1276
    for p in os.getenv("ENTERPRISE_WORKFLOW_PATHS", "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf276fd79b8bfcfd Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1300
    content = pyproject_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #163fe6140acc063d Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1303
        pyproject_path.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7e510f926f20865 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1330
    raw = workflow_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d49291484bd72aa8 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1343
    workflow_path.write_text("".join(lines))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a627a8d1e12680a4 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1460
        content = pyproject.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd32d09ed53bb700 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:1464
            pyproject.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0541bc45de050c7 Filesystem access.
repo/lib/devtools/src/crewai_devtools/cli.py:2063
                    content = vfile.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4efb309b87436f1 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_check.py:421
                        ref_content = siblings[0].read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcf12636a88b52da Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_check.py:429
                en_path.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e079fa845528d3f Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_check.py:437
            existing = en_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e9a7f1a8dc51e2e Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_check.py:454
                en_path.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dfddcb0db00c0a78 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_check.py:473
                lang_path.write_text(translated)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ccc563a7412d2594 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_versioning.py:181
        text = mdx.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63ffbae295a1cb67 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_versioning.py:184
            mdx.write_text(new_text, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3f7daace44b6c99 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_versioning.py:383
    data = json.loads(docs_json.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87b79764b3fae3d2 Filesystem access.
repo/lib/devtools/src/crewai_devtools/docs_versioning.py:427
    docs_json.write_text(
        json.dumps(data, indent=2, ensure_ascii=False) + "\n",
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

litellm

python dependency
high pii_flow dependency Excluded from app score #9bbe7c71b1bb1f07 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:108 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:110 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:108
        parameters["httpx_client"] = httpx.Client(
            verify=get_ssl_configuration(),
            cert=os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate),
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #59eedd173f795209 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:136 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:122 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:136
        mock_response = httpx.Response(
            status_code=200,
            content=file_content,
            headers={"content-type": "application/octet-stream"},
            request=httpx.Request(method="GET", url=s3_uri),
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #ac3671388fe2683e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:556 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:541 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:556
        return httpx.AsyncClient(
            transport=transport,
            event_hooks=event_hooks,
            timeout=timeout,
            verify=ssl_config,
            cert=cert,
            headers=default_headers,
            follow_redirects=True,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #a9ee04873fbee983 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1094 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1085 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1094
            self.client = httpx.Client(
                transport=transport,
                timeout=timeout,
                verify=ssl_config,
                cert=cert,
                headers=default_headers,
                follow_redirects=True,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #95b86a95727f4ec3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
        response = httpx.get(path, headers=headers, params=params)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #d1fcfbaa3cd0a83f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:625 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:560 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:625
        mock_response = HttpxResponse(
            status_code=200,
            content=json.dumps(response).encode("utf-8"),
            headers={"content-type": "application/json"},
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #98639e9dfc61f5e3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:41 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:41
            params={"timeout": httpx.Timeout(timeout=timeout, connect=5.0)},

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #7fd2e2144ef93f20 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ovalix/ovalix.py:89 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ovalix/ovalix.py:79 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ovalix/ovalix.py:89
        self._tracker_headers = httpx.Headers(
            {
                "Authorization": f"Bearer {self._tracker_api_key}",
                "Content-Type": "application/json",
            },
            encoding="utf-8",
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #3b71374776bc3585 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:205 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:196 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:205
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #7b6c511006f5a2fa User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:268 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:259 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:268
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #29472222349a97bf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:391 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:382 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:391
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #1fed516dfcf2bf86 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:582 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:573 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:582
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #cc1416f7766cc995 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2088 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2061 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2088
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #ee18980cea4a3a3c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:160 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:160
        response = httpx.post(
            self.token_url,
            data={
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "scope": scope,
            },
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #4d4bce39b56f3a0d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:98 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:101 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:98
                    response=httpx.Response(
                        status_code=429,
                        content="{} rpm limit={}. current usage={}. id={}, model_group={}. Get the model info by calling 'router.get_model_info(id)".format(
                            RouterErrors.user_defined_ratelimit_error.value,
                            deployment_rpm,
                            local_result,
                            model_id,
                            deployment.get("model_name", ""),
                        ),
                        request=httpx.Request(
                            method="tpm_rpm_limits",
                            url="https://github.com/BerriAI/litellm",
                        ),  # type: ignore
                    ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #5707946e184753bd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:122 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:125 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:122
                        response=httpx.Response(
                            status_code=429,
                            content="{} rpm limit={}. current usage={}".format(
                                RouterErrors.user_defined_ratelimit_error.value,
                                deployment_rpm,
                                result,
                            ),
                            request=httpx.Request(
                                method="tpm_rpm_limits",
                                url="https://github.com/BerriAI/litellm",
                            ),  # type: ignore
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #303a3e017a5937c3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:183 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:186 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:183
                    response=httpx.Response(
                        status_code=429,
                        content="{} rpm limit={}. current usage={}".format(
                            RouterErrors.user_defined_ratelimit_error.value,
                            deployment_rpm,
                            local_result,
                        ),
                        headers={"retry-after": str(60)},  # type: ignore
                        request=httpx.Request(
                            method="tpm_rpm_limits",
                            url="https://github.com/BerriAI/litellm",
                        ),  # type: ignore
                    ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #9450cdcf0d3b2d72 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:206 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:209 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:206
                        response=httpx.Response(
                            status_code=429,
                            content="{} rpm limit={}. current usage={}".format(
                                RouterErrors.user_defined_ratelimit_error.value,
                                deployment_rpm,
                                result,
                            ),
                            headers={"retry-after": str(60)},  # type: ignore
                            request=httpx.Request(
                                method="tpm_rpm_limits",
                                url="https://github.com/BerriAI/litellm",
                            ),  # type: ignore
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #d64c5c54b7e0aef6 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:119 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:121 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:119
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} tpm limit={tpm_limit}. current usage={current_tpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #41a424d44e383829 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:138 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:140 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:138
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} rpm limit={rpm_limit}. current usage={current_rpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #0b00c466090d1fc4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:188 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:190 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:188
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} tpm limit={tpm_limit}. current usage={current_tpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #3a98dc16d014a7ee User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:213 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:215 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:213
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} rpm limit={rpm_limit}. current usage={current_rpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry dependency Excluded from app score #9e2eba7bad0bb2e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/_service_logger.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c6f012075fb31a8b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/base_cache.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #160ab125fcf1e202 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/disk_cache.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #62888f272e6a5485 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/dual_cache.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba51700af48eae1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cache.py:42
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b79821dc0dd781ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cluster_cache.py:13
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f89bf41b2554470 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/_utils.py:18
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #57a0a10721d50db1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:19
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b68ce0540a44fd88 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:45
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #40598bae3608e180 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:46
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a74a0356bac5a35e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:12
    from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d7c471400f29e07 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:13
    from opentelemetry.sdk.trace.export import SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #099ea31fbf8b4d2d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:14
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d9f580b67d94c945 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:15
    from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cde920f2a432222d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:16
    from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2505825fa099b472 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:69
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ec9e6210eb7d893 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:131
        from opentelemetry.sdk.resources import OTELResourceDetector, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8e71faf7b9b0d0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:148
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1a0033355c698668 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:306
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e58aecf9ab0d184c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:347
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fc74a12a239f2495 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/custom_logger.py:38
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #32074d171ba1d635 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:19
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e0a33cdc64752707 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel_attributes.py:28
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0c9cb513d8b4563e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langtrace.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5df6c0e64ee7d624 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e4062cdfe716689 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:45
    from opentelemetry.sdk.trace.export import SpanExporter as _SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1beb7f4c7066b443 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:46
    from opentelemetry.trace import Context as _Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #471a3f8f3a2c47ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:47
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eb690f05328bc7ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:48
    from opentelemetry.trace import Tracer as _Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d6169cbac1452889 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:273
        from opentelemetry.sdk.trace.export.in_memory_span_exporter import (
            InMemorySpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #39d7526e47f09e8f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:364
        from opentelemetry.sdk.resources import OTELResourceDetector, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #104c4150d33b1bc2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:539
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #38279122208a7564 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:540
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0c2bea5a8bfd9724 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:541
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b9783d41115a7eff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:575
        from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb29c311246b01a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:576
        from opentelemetry.sdk.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #77e2b220496105d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:635
        from opentelemetry._logs import get_logger_provider, set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00aee3528676148e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:636
        from opentelemetry.sdk._logs import LoggerProvider as OTLoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cce6c681571bd734 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:637
        from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #666d7da5f105d681 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:677
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf9ed8410fa55939 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:678
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3db87c38f201bd75 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:737
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df8b868375301db4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:738
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2453e8fb08ca0bcb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:799
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #304b2d73c03e0e64 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:800
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #63dcab448a4fee7a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:892
        from opentelemetry import trace as _trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0a0a73a74f24884d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:994
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c88030aa5175f6b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1116
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #69e903914de7465a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1164
            from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ffda8e0533164dfc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1218
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4030d88e5a0e7262 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1237
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72286cb8b610ec1b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1238
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1419e7806ef03e58 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1611
        from opentelemetry._logs import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f89bd65a1042ede9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1614
            from opentelemetry.sdk._logs import LogRecord  # OTEL < 1.39.0

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8214f8f0b1545d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1616
            from opentelemetry.sdk._logs._internal import (  # OTEL >= 1.39.0
                LogRecord,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #125f4308c6876056 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1728
        from opentelemetry import trace as _trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec321474589a7a08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1850
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2067422f61b1c036 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2685
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e30974c6b3478aee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2696
        from opentelemetry import context, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4abbec038d2a3d95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2697
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #706668ae8d898292 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2751
        from opentelemetry.sdk.trace.export import (
            BatchSpanProcessor,
            ConsoleSpanExporter,
            SimpleSpanProcessor,
            SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d55bfd19a146064a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2793
                from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
                    OTLPSpanExporter as OTLPSpanExporterHTTP,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6f7360f63315c346 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2812
                from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
                    OTLPSpanExporter as OTLPSpanExporterGRPC,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5a03cadf4a76fcca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2868
            from opentelemetry.sdk._logs.export import ConsoleLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9adaecc738a5b689 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2880
            from opentelemetry.exporter.otlp.proto.http._log_exporter import (
                OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00d1d9cc6cef6cf3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2892
                from opentelemetry.exporter.otlp.proto.grpc._log_exporter import (
                    OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ed6a09419ca3e381 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2912
            from opentelemetry.sdk._logs.export import ConsoleLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b454269d607dbcf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2920
        from opentelemetry.sdk.metrics import Histogram

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #25c0d30fc1cf94d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2921
        from opentelemetry.sdk.metrics.export import (
            AggregationTemporality,
            ConsoleMetricExporter,
            PeriodicExportingMetricReader,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a93a286027e4feae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2946
            from opentelemetry.exporter.otlp.proto.http.metric_exporter import (
                OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aa38d9ba3178bdb8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2959
                from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import (
                    OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9116d01a73b98ec3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:3078
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5d01ad7c6f69677c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:3079
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #648de8059d28b1ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:3136
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #38c7a96df001fe44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:3137
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b502f65b721de9f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry_utils/base_otel_llm_obs_attributes.py:5
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #af183c0d4a7fc1b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry_utils/gen_ai_semconv.py:39
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a165f25f1f6dff2d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/emitter.py:6
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d2492fb3910a7587 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/emitter.py:7
from opentelemetry.trace import Span, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9bf61eb2f9b52044 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/emitter.py:8
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4b3cd2826c41c59b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/logger.py:8
from opentelemetry.context import attach, get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fb41c03794f7bd20 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/logger.py:9
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d1d41b68155af084 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/logger.py:10
from opentelemetry.trace import Span, Tracer, get_current_span, use_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1e7ca3ba812efd7f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/mount.py:113
        from opentelemetry.instrumentation.fastapi import FastAPIInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c2195671f19c1616 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/context.py:6
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #15d807745a399332 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/context.py:7
from opentelemetry.context import Context, get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #55ac0bbf4c116ab4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/context.py:8
from opentelemetry.trace import Span, get_current_span, set_span_in_context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #122762bd99668937 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/context.py:9
from opentelemetry.trace.propagation.tracecontext import (
    TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a4ed25ba5a87d0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/metrics.py:15
from opentelemetry.metrics import Histogram, Meter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #98a488eb608d7121 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:5
from opentelemetry import baggage, metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee22e0289ff65ce1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:6
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0143f8fb8fb15aa4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:7
from opentelemetry.metrics import MeterProvider, NoOpMeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f9dcdef6bb81565 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:8
from opentelemetry.sdk.metrics import MeterProvider as SDKMeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97e7b4da38a2daf9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:9
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #440877a7f8a65684 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:10
from opentelemetry.sdk.trace import ReadableSpan, SpanProcessor, TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8ff1a6daa789ee25 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:11
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    ConsoleSpanExporter,
    SimpleSpanProcessor,
    SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b030bb12f7a2c9e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:17
from opentelemetry.sdk.trace.export.in_memory_span_exporter import (
    InMemorySpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7fa1585c019ef5ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:20
from opentelemetry.trace import Span, SpanKind, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bec94160c94cde48 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:31
    from opentelemetry.metrics import Meter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fb31a2102cbb37b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:32
    from opentelemetry.sdk.metrics.export import MetricReader

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1e9d2cc368e45825 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:119
        from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
            OTLPSpanExporter as HTTPExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #53abe94b617338f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:128
        from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
            OTLPSpanExporter as GRPCExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6bf36c537d1e9cf6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:184
    from opentelemetry.sdk.metrics.export import (
        ConsoleMetricExporter,
        PeriodicExportingMetricReader,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #15599a3932322afb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:191
        from opentelemetry.exporter.otlp.proto.http.metric_exporter import (
            OTLPMetricExporter as HTTPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3169e9e2fa748df6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:194
        from opentelemetry.sdk.metrics import Histogram

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4e03fbdae1b9a063 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:195
        from opentelemetry.sdk.metrics.export import AggregationTemporality

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #115c201e085333cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:203
        from opentelemetry.sdk.metrics import Histogram

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #933f18a79a7b552f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:204
        from opentelemetry.sdk.metrics.export import AggregationTemporality

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #db879d3291b18bd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/providers.py:207
            from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import (
                OTLPMetricExporter as GRPCMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0310a6b6fc84cf23 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/routing.py:14
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3549156848692835 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/plumbing/routing.py:15
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fc3b1e30a736370e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/otel/presets/agentops.py:75
    from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
        OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4790edc393570bc4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:39
        from opentelemetry.semconv.ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #716f1f28cf0b5bc4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:40
        from opentelemetry.trace import SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #815c59246d27f7ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:8
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6ef8f93b9cb5586e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:26
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e83cdf5901d33d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/core_helpers.py:12
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ee4f8f8d2a192c2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3383
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #112884b078f5bfb2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3387
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #16b06b2a279d2267 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3388
                from sentry_sdk.scrubber import EventScrubber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #37a02b7b5f6fcd55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/logging_utils.py:18
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a8827ea22daacbb6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/llms/base_llm/managed_resources/base_managed_resource.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5e70025d83c8e80c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/_types.py:61
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b5e1f447e65016d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_checks.py:101
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #58127adbd059b52e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_exception_handler.py:29
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c00736ef545afe8d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/batch_rate_limiter.py:61
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef71d10a980a7875 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter.py:24
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #03a8cc98e8b61022 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:51
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f1b9e12e5ac695e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:126
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fc9f6c959d4ea6d3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:914
            from opentelemetry import trace as _otel_trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6ebbd94541890f14 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1326
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3c7dab45a48d3b76 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/utils.py:170
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97d89c614c80f33f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router.py:200
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #80b85e4f30234bbd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_latency.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce3c0c7a82a786cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:21
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7135fb3e0b270eac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_cache.py:17
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #81995aaa7e0b4b91 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_handlers.py:29
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9e3cfa0bcfdb0b8a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/handle_error.py:12
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #65da089ea38da166 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/health_state_cache.py:17
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7ac6b271da82940 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:24
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a160b9786c34440 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/prompt_caching_cache.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 1409 low-confidence finding(s)
low env_fs dependency Excluded from app score #f125aea671476de6 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:23
    return os.getenv("LITELLM_DEV_ENV_HOT_RELOAD") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f56addb41a3c8dba Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:26
if os.getenv("LITELLM_MODE", "DEV") == "DEV":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abba03dc152a3c53 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:97
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09295ba74b5da0c5 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:227
drop_params = bool(os.getenv("LITELLM_DROP_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #689dc2512f0755c0 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:228
modify_params = bool(os.getenv("LITELLM_MODIFY_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #015c82447b023e7d Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:230
    os.getenv("LITELLM_USE_CHAT_COMPLETIONS_URL_FOR_ANTHROPIC_MESSAGES", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #444b1fc2c18514cc Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:244
    os.getenv("LITELLM_ROUTE_ALL_CHAT_OPENAI_TO_RESPONSES", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #829a70ac0a88d4d5 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:248
gemini_live_defer_setup: bool = os.getenv("LITELLM_GEMINI_LIVE_DEFER_SETUP", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d98f488c42010980 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:250
    os.getenv("LITELLM_USE_LEGACY_INTERACTIONS_SCHEMA", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00a52d96e7c59721 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:391
model_cost_map_url: str = os.getenv(
    "LITELLM_MODEL_COST_MAP_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09440c515a97daf4 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:395
blog_posts_url: str = os.getenv(
    "LITELLM_BLOG_POSTS_URL",
    "https://docs.litellm.ai/blog/rss.xml",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e5b5a54a7da479d Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:399
anthropic_beta_headers_url: str = os.getenv(
    "LITELLM_ANTHROPIC_BETA_HEADERS_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/litellm/anthropic_beta_headers_config.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72a1d5f71040deba Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:2097
if os.getenv("LITELLM_DISABLE_LAZY_LOADING", "").lower() in ("1", "true", "yes", "on"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7192d51c0754c4f0 Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:20
_ENABLE_SECRET_REDACTION = os.getenv("LITELLM_DISABLE_REDACT_SECRETS", "").lower() != "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a496ca33f467b88f Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:80
json_logs = bool(os.getenv("JSON_LOGS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49e1cfb9259ffe4a Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:82
log_level = os.getenv("LITELLM_LOG", "DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc4e093b45ef4c7d Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:193
    _client_id = azure_client_id or os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c43b87f89370cb0 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:194
    _tenant_id = azure_tenant_id or os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b5a11244b2670e9 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:195
    _client_secret = azure_client_secret or os.environ.get("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3fa0f9f1b71c893 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:263
        username = os.environ.get("REDIS_USERNAME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46579e97935bb215 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:290
    if "REDIS_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b862ea5d9cb76ff1 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:291
        return os.environ["REDIS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cae94195b49dc4d Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:293
    if "REDIS_HOST" not in os.environ or "REDIS_PORT" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15bd0b338b239ada Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:296
    if "REDIS_SSL" in os.environ and os.environ["REDIS_SSL"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b371c8d0b1d3db7 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:303
    if "REDIS_USERNAME" in os.environ and "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b80e8482a626bfe2 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:304
        auth_part = f"{os.environ['REDIS_USERNAME']}:{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d1d7d796c1a37a6 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:305
    elif "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #126bc105c268f9c7 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:306
        auth_part = f"{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a575c78ffbb63d1 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:308
    return f"{redis_protocol}://{auth_part}{os.environ['REDIS_HOST']}:{os.environ['REDIS_PORT']}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da621a6313f62487 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:573
                username=os.environ.get("REDIS_USERNAME") or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b567d24a8f8eddc Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:616
            username=os.environ.get("REDIS_USERNAME") or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8362f632624ee30 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:662
            username=os.environ.get("REDIS_USERNAME") or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bde05ae65f447bef Filesystem access.
pkgs/python/[email protected]/litellm/anthropic_beta_headers_manager.py:51
                files("litellm").joinpath("anthropic_beta_headers_config.json").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a729ad28eeccbf4 Environment-variable access.
pkgs/python/[email protected]/litellm/anthropic_beta_headers_manager.py:137
    if os.getenv("LITELLM_LOCAL_ANTHROPIC_BETA_HEADERS", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b51c0cd921d84ed Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:109
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f4517ff936f091f Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:110
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c62cfc54dea49218 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:116
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d268b2650d8cfa1 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:124
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e2f03db88a27724 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:298
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #078d09d31023270d Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:299
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f2092d1ee4024ba Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:305
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8acc1510c5803472 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:313
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e57098a294791513 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:459
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce14de827b2d4ef2 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:460
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a864bd2955f5ff74 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:464
            optional_params.organization or litellm.organization or os.getenv("OPENAI_ORGANIZATION", None) or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #971cc184242620fb Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:467
        api_key = optional_params.api_key or litellm.api_key or litellm.openai_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d9ba5f030661319 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:630
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dab1998f77dca2d Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:631
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd4c2a0aa03dd87a Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:637
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fdf7ab91cbe4a59 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:645
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8dddf36b2aa9719 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:782
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8c464fecf7cf8c5 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:783
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d6990cc65c99561 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:789
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c79844d91416ad77 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:797
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d302a33b3030037b Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:965
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79b526d5c1f4222a Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:966
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #927190775caf0ffd Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:972
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bed14a1b1bd6fe3f Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:980
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c6befc45aed9d7e Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1123
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ea37eef6b1489a1 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1124
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4aba7cbe8d43d880 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1130
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #132a0263c8e8e091 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1138
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #624459b025d69c05 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1318
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #337a3a03ee814462 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1319
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #787d43915058e30b Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1325
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36674add67c2eda8 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1333
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9743a0e926a5ba9f Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:246
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c97d64f642f12d9 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:247
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6a8210d07273ffa Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:253
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c6dc2030b390b6 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:261
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7023ebd71745f1f Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:395
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cb2d68be758b805 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:396
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b41622d4cb52399a Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:402
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3240ecac828162c9 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:410
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b2707639d66c395 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:711
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b047eb767195283b Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:735
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b42e9c0bedb5f1e Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:736
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #737d6bbf04db2a02 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:742
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc70c8f421d2d849 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:927
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c24b4bdd117bcda Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:928
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84e5484cda73c321 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:932
                optional_params.organization or litellm.organization or os.getenv("OPENAI_ORGANIZATION", None) or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #581981ee813f92d2 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:934
            api_key = optional_params.api_key or litellm.api_key or litellm.openai_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #506211ada41838ab Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:55
                with open("user_cost.json", "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86d139e361d1dbca Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:208
            with open("user_cost.json", "w") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58a1d26cb805d59c Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:71
        qdrant_api_base = qdrant_api_base or os.getenv("QDRANT_URL") or os.getenv("QDRANT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05e29fe8bf4d456e Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:72
        qdrant_api_key = qdrant_api_key or os.getenv("QDRANT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3949b4f2a76a13c5 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:93
                host = host or os.environ["REDIS_HOST"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #864b507c9eefa106 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:94
                port = port or os.environ["REDIS_PORT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba354e7e4dffc95 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:95
                password = password or os.environ["REDIS_PASSWORD"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec112a1d42271ab2 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/valkey_semantic_cache.py:99
        host = host or os.environ.get("VALKEY_HOST") or os.environ.get("REDIS_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daf8b991e407dcb1 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/valkey_semantic_cache.py:100
        port = port or os.environ.get("VALKEY_PORT") or os.environ.get("REDIS_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9d05dd4dadbbcd9 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/valkey_semantic_cache.py:101
        password = password or os.environ.get("VALKEY_PASSWORD") or os.environ.get("REDIS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd37e37daa477728 Environment-variable access.
pkgs/python/[email protected]/litellm/completion_extras/litellm_responses_transformation/transformation.py:924
            litellm.reasoning_auto_summary or os.getenv("LITELLM_REASONING_AUTO_SUMMARY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c99c252df87c7c7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:7
DEFAULT_HEALTH_CHECK_PROMPT = str(os.getenv("DEFAULT_HEALTH_CHECK_PROMPT", "test from litellm"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a744d2a81e5f4736 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:8
AZURE_DEFAULT_RESPONSES_API_VERSION = str(os.getenv("AZURE_DEFAULT_RESPONSES_API_VERSION", "preview"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d4d1f4cde9cacad Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:9
ROUTER_MAX_FALLBACKS = int(os.getenv("ROUTER_MAX_FALLBACKS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be15ff032828cfc5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:10
DEFAULT_BATCH_SIZE = int(os.getenv("DEFAULT_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5789278adef40b15 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:11
DEFAULT_FLUSH_INTERVAL_SECONDS = int(os.getenv("DEFAULT_FLUSH_INTERVAL_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5066a76d0beef46 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:12
DEFAULT_S3_FLUSH_INTERVAL_SECONDS = int(os.getenv("DEFAULT_S3_FLUSH_INTERVAL_SECONDS", 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61b82c213b68aed6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:13
DEFAULT_S3_BATCH_SIZE = int(os.getenv("DEFAULT_S3_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0eec8ca8dc34ccb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:14
DEFAULT_SQS_FLUSH_INTERVAL_SECONDS = int(os.getenv("DEFAULT_SQS_FLUSH_INTERVAL_SECONDS", 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b30aa4dd287756c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:15
DEFAULT_NUM_WORKERS_LITELLM_PROXY = int(os.getenv("DEFAULT_NUM_WORKERS_LITELLM_PROXY", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a19374a57ff91c01 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:16
DYNAMIC_RATE_LIMIT_ERROR_THRESHOLD_PER_MINUTE = int(os.getenv("DYNAMIC_RATE_LIMIT_ERROR_THRESHOLD_PER_MINUTE", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78d017e10c3f0dbb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:17
DEFAULT_SQS_BATCH_SIZE = int(os.getenv("DEFAULT_SQS_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3156555dc9ab418 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:20
DEFAULT_MAX_RETRIES = int(os.getenv("DEFAULT_MAX_RETRIES", 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd1b1482f4349bbd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:24
DEFAULT_MAX_RECURSE_DEPTH = int(os.getenv("DEFAULT_MAX_RECURSE_DEPTH", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #875fa8360ed78cfa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:25
DEFAULT_MAX_RECURSE_DEPTH_SENSITIVE_DATA_MASKER = int(os.getenv("DEFAULT_MAX_RECURSE_DEPTH_SENSITIVE_DATA_MASKER", 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb267d19c352dab9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:27
    os.getenv("DEFAULT_FAILURE_THRESHOLD_PERCENT", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #281074017aba6714 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:29
DEFAULT_MAX_TOKENS = int(os.getenv("DEFAULT_MAX_TOKENS", 4096))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d78cbf11f691d23 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:30
DEFAULT_ALLOWED_FAILS = int(os.getenv("DEFAULT_ALLOWED_FAILS", 3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86f78503d0114d4c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:31
DEFAULT_REDIS_SYNC_INTERVAL = int(os.getenv("DEFAULT_REDIS_SYNC_INTERVAL", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22ce516fd4e0c69c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:32
DEFAULT_COOLDOWN_TIME_SECONDS = int(os.getenv("DEFAULT_COOLDOWN_TIME_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e0db26510ad969b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:33
DEFAULT_REPLICATE_POLLING_RETRIES = int(os.getenv("DEFAULT_REPLICATE_POLLING_RETRIES", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ee0c474f7a58a02 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:34
DEFAULT_REPLICATE_POLLING_DELAY_SECONDS = int(os.getenv("DEFAULT_REPLICATE_POLLING_DELAY_SECONDS", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2b3d3d6a6f9d9a2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:35
DEFAULT_IMAGE_TOKEN_COUNT = int(os.getenv("DEFAULT_IMAGE_TOKEN_COUNT", 250))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f573a5af986bf617 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:40
_max_stream_duration_env = os.getenv("LITELLM_MAX_STREAMING_DURATION_SECONDS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3878a64a52021df9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:48
MAX_BASE64_LENGTH_FOR_LOGGING = int(os.getenv("MAX_BASE64_LENGTH_FOR_LOGGING", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #420ac910f87bdd55 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:52
LITELLM_DETAILED_TIMING = os.getenv("LITELLM_DETAILED_TIMING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #809e8cb215a1eec5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:56
    os.getenv("MODEL_COST_MAP_MIN_MODEL_COUNT", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25bd68fcdd8a62e0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:59
    os.getenv("MODEL_COST_MAP_MAX_SHRINK_RATIO", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b980116fce277ac5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:61
DEFAULT_IMAGE_WIDTH = int(os.getenv("DEFAULT_IMAGE_WIDTH", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8313a7cd5e248355 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:62
DEFAULT_IMAGE_HEIGHT = int(os.getenv("DEFAULT_IMAGE_HEIGHT", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #361b812762ecbf4d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:67
MAX_IMAGE_URL_DOWNLOAD_SIZE_MB = float(os.getenv("MAX_IMAGE_URL_DOWNLOAD_SIZE_MB", 50))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd9cd202979246a8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:69
    os.getenv("MAX_SIZE_PER_ITEM_IN_MEMORY_CACHE_IN_KB", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #818b761b127edfc9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:76
    os.getenv("SINGLE_DEPLOYMENT_TRAFFIC_FAILURE_THRESHOLD", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5a195f9bc021e90 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:79
    os.getenv("DEFAULT_FAILURE_THRESHOLD_MINIMUM_REQUESTS", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94f91e9f880ae74a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:82
DEFAULT_REASONING_EFFORT_DISABLE_THINKING_BUDGET = int(os.getenv("DEFAULT_REASONING_EFFORT_DISABLE_THINKING_BUDGET", 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f443d452af894dc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:86
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_EMBEDDING_MODEL", "text-embedding-3-small")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25a37e3a245a095f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:88
DEFAULT_MCP_SEMANTIC_FILTER_TOP_K = int(os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_TOP_K", 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44a3991d8f28e640 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:90
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_SIMILARITY_THRESHOLD", 0.3)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d114d53a91c6d1d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:92
MAX_MCP_SEMANTIC_FILTER_TOOLS_HEADER_LENGTH = int(os.getenv("MAX_MCP_SEMANTIC_FILTER_TOOLS_HEADER_LENGTH", 150))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d317ce0a5f392292 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:96
    os.getenv("DEFAULT_SEMANTIC_GUARD_EMBEDDING_MODEL", "text-embedding-3-small")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e2fa2c25cce7688 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:98
DEFAULT_SEMANTIC_GUARD_SIMILARITY_THRESHOLD = float(os.getenv("DEFAULT_SEMANTIC_GUARD_SIMILARITY_THRESHOLD", 0.75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52d1fe4a8783d72d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:101
MCP_OAUTH2_TOKEN_EXPIRY_BUFFER_SECONDS = int(os.getenv("MCP_OAUTH2_TOKEN_EXPIRY_BUFFER_SECONDS", "60"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bc0e784a13352a3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:102
MCP_OAUTH2_TOKEN_CACHE_MAX_SIZE = int(os.getenv("MCP_OAUTH2_TOKEN_CACHE_MAX_SIZE", "200"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #637c751a9475ce0b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:103
MCP_OAUTH2_TOKEN_CACHE_DEFAULT_TTL = int(os.getenv("MCP_OAUTH2_TOKEN_CACHE_DEFAULT_TTL", "3600"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d9e596acbf358ef Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:108
MCP_NPM_CACHE_DIR = os.getenv("MCP_NPM_CACHE_DIR", "/tmp/.npm_mcp_cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1af27d51257b168b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:109
MCP_OAUTH2_TOKEN_CACHE_MIN_TTL = int(os.getenv("MCP_OAUTH2_TOKEN_CACHE_MIN_TTL", "10"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e292d640cc6f6e1d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:114
    os.getenv("MCP_PER_USER_TOKEN_DEFAULT_TTL", "43200")  # 12 hours

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b789e3c50b2734d4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:116
MCP_PER_USER_TOKEN_EXPIRY_BUFFER_SECONDS = int(os.getenv("MCP_PER_USER_TOKEN_EXPIRY_BUFFER_SECONDS", "60"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff844ea7234d4d93 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:119
MCP_CLIENT_TIMEOUT = float(os.getenv("LITELLM_MCP_CLIENT_TIMEOUT", "60.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b7b65a46ee9ad12 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:120
MCP_TOOL_LISTING_TIMEOUT = float(os.getenv("LITELLM_MCP_TOOL_LISTING_TIMEOUT", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3db05bdecca83de4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:121
MCP_METADATA_TIMEOUT = float(os.getenv("LITELLM_MCP_METADATA_TIMEOUT", "10.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84050329967b4cd9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:122
MCP_HEALTH_CHECK_TIMEOUT = float(os.getenv("LITELLM_MCP_HEALTH_CHECK_TIMEOUT", "10.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b71a4d7eb3575354 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:129
_MCP_STDIO_EXTRA_COMMANDS = os.getenv("LITELLM_MCP_STDIO_EXTRA_COMMANDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26e781a8f11ba7cd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:135
MCP_TOKEN_EXCHANGE_CACHE_MAX_SIZE = int(os.getenv("MCP_TOKEN_EXCHANGE_CACHE_MAX_SIZE", "500"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ef974d4bf2f4c3e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:145
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_FLASH", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d74234d507f0b532 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:148
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_PRO", 128)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59b32e43a1111393 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:151
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_FLASH_LITE", 512)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebc941337ff2af8f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:165
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET", 128)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f3cd957be3c28ed Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:183
DEFAULT_REASONING_EFFORT_LOW_THINKING_BUDGET = int(os.getenv("DEFAULT_REASONING_EFFORT_LOW_THINKING_BUDGET", 1024))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #424d78320a55de9a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:185
    os.getenv("DEFAULT_REASONING_EFFORT_MEDIUM_THINKING_BUDGET", 2048)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #696e8b825da41c55 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:187
DEFAULT_REASONING_EFFORT_HIGH_THINKING_BUDGET = int(os.getenv("DEFAULT_REASONING_EFFORT_HIGH_THINKING_BUDGET", 4096))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9fc15bbf798190d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:188
DEFAULT_REASONING_EFFORT_XHIGH_THINKING_BUDGET = int(os.getenv("DEFAULT_REASONING_EFFORT_XHIGH_THINKING_BUDGET", 8192))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acba66c5a691250b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:189
DEFAULT_REASONING_EFFORT_MAX_THINKING_BUDGET = int(os.getenv("DEFAULT_REASONING_EFFORT_MAX_THINKING_BUDGET", 16384))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #756a4ca354f1aa3e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:191
    os.getenv("MAX_TOKEN_TRIMMING_ATTEMPTS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a20bd842cde1286e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:194
RUNWAYML_DEFAULT_API_VERSION = str(os.getenv("RUNWAYML_DEFAULT_API_VERSION", "2024-11-06"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f57a24aabf613e2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:195
RUNWAYML_POLLING_TIMEOUT = int(os.getenv("RUNWAYML_POLLING_TIMEOUT", 600))  # 10 minutes default for image generation

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94f46835aa3d01ba Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:202
AIOHTTP_CONNECTOR_LIMIT = int(os.getenv("AIOHTTP_CONNECTOR_LIMIT", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b877cad0c2bc3839 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:203
AIOHTTP_CONNECTOR_LIMIT_PER_HOST = int(os.getenv("AIOHTTP_CONNECTOR_LIMIT_PER_HOST", 500))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dc6f619f3a7da4c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:204
AIOHTTP_KEEPALIVE_TIMEOUT = int(os.getenv("AIOHTTP_KEEPALIVE_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1614e0303cbd99c7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:205
AIOHTTP_TTL_DNS_CACHE = int(os.getenv("AIOHTTP_TTL_DNS_CACHE", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70ed9c4ec201f5d9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:212
AIOHTTP_SO_KEEPALIVE = os.getenv("AIOHTTP_SO_KEEPALIVE", "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c091ed4e7ea3601 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:213
AIOHTTP_TCP_KEEPIDLE = int(os.getenv("AIOHTTP_TCP_KEEPIDLE", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2f0eb219b4c86d6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:214
AIOHTTP_TCP_KEEPINTVL = int(os.getenv("AIOHTTP_TCP_KEEPINTVL", 30))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d7adcc2b7efbd9e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:215
AIOHTTP_TCP_KEEPCNT = int(os.getenv("AIOHTTP_TCP_KEEPCNT", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f17c264946a789ae Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:228
_max_size_env = os.getenv("REALTIME_WEBSOCKET_MAX_MESSAGE_SIZE_BYTES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75c3f28512a69d75 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:234
DEFAULT_SSL_CIPHERS = os.getenv(
    "LITELLM_SSL_CIPHERS",
    # Priority 1: TLS 1.3 ciphers (fastest, ~50ms handshake)
    "TLS_AES_256_GCM_SHA384:"  # Fastest observed in testing
    "TLS_AES_128_GCM_SHA256:"  # Slightly faster than 256-bit
    "TLS_CHACHA20_POLY1305_SHA256:"  # Fast on ARM/mobile
    # Priority 2: TLS 1.2 ECDHE+GCM (fast, ~100ms handshake, widely supported)
    "ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    # Priority 3: Additional modern ciphers (good balance)
    "ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:"
    # Priority 4: Widely compatible fallbacks (slower but universally supported)
    "ECDHE-RSA-AES256-SHA384:"  # Common fallback
    "ECDHE-RSA-AES128-SHA256:"  # Very widely supported
    "AES256-GCM-SHA384:"  # Non-PFS fallback (compatibility)
    "AES128-GCM-SHA256",  # Last resort (maximum compatibility)
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93eef412624ac645 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:263
MAX_REDIS_BUFFER_DEQUEUE_COUNT = int(os.getenv("MAX_REDIS_BUFFER_DEQUEUE_COUNT", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be280bf578571021 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:265
LITELLM_ASYNCIO_QUEUE_MAXSIZE = int(os.getenv("LITELLM_ASYNCIO_QUEUE_MAXSIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6629a7dec52a21cc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:266
TOOL_POLICY_CACHE_TTL_SECONDS = int(os.getenv("TOOL_POLICY_CACHE_TTL_SECONDS", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #536697277782a8ea Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:269
MAX_SIZE_IN_MEMORY_QUEUE = int(os.getenv("MAX_SIZE_IN_MEMORY_QUEUE", int(LITELLM_ASYNCIO_QUEUE_MAXSIZE * 0.8)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd26e288882dabb0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:270
MAX_IN_MEMORY_QUEUE_FLUSH_COUNT = int(os.getenv("MAX_IN_MEMORY_QUEUE_FLUSH_COUNT", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6949fafead9a0c99 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:273
    os.getenv("MINIMUM_PROMPT_CACHE_TOKEN_COUNT", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #942e2d391ebb864c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:276
    os.getenv("DEFAULT_TRIM_RATIO", 0.75)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49fa28b5c68765f7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:278
HOURS_IN_A_DAY = int(os.getenv("HOURS_IN_A_DAY", 24))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ce58f67f961a070 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:279
DAYS_IN_A_WEEK = int(os.getenv("DAYS_IN_A_WEEK", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84804bd624c53910 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:280
DAYS_IN_A_MONTH = int(os.getenv("DAYS_IN_A_MONTH", 28))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #391a78d9a9ae15f3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:281
DAYS_IN_A_YEAR = int(os.getenv("DAYS_IN_A_YEAR", 365))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c16346b03119e9bf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:282
REPLICATE_MODEL_NAME_WITH_ID_LENGTH = int(os.getenv("REPLICATE_MODEL_NAME_WITH_ID_LENGTH", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66dd4b2878ce6f20 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:284
FUNCTION_DEFINITION_TOKEN_COUNT = int(os.getenv("FUNCTION_DEFINITION_TOKEN_COUNT", 9))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e9b7b6c2acd8f31 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:285
SYSTEM_MESSAGE_TOKEN_COUNT = int(os.getenv("SYSTEM_MESSAGE_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bf5e352c14bf50d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:286
TOOL_CHOICE_OBJECT_TOKEN_COUNT = int(os.getenv("TOOL_CHOICE_OBJECT_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1becbaeb7fadff0d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:287
DEFAULT_MOCK_RESPONSE_PROMPT_TOKEN_COUNT = int(os.getenv("DEFAULT_MOCK_RESPONSE_PROMPT_TOKEN_COUNT", 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a7b78aff1c87fb1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:288
DEFAULT_MOCK_RESPONSE_COMPLETION_TOKEN_COUNT = int(os.getenv("DEFAULT_MOCK_RESPONSE_COMPLETION_TOKEN_COUNT", 20))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c9fae7c9c9fea7e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:289
MAX_SHORT_SIDE_FOR_IMAGE_HIGH_RES = int(os.getenv("MAX_SHORT_SIDE_FOR_IMAGE_HIGH_RES", 768))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39e549270f03d367 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:290
MAX_LONG_SIDE_FOR_IMAGE_HIGH_RES = int(os.getenv("MAX_LONG_SIDE_FOR_IMAGE_HIGH_RES", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #943b1989e6af3982 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:291
MAX_TILE_WIDTH = int(os.getenv("MAX_TILE_WIDTH", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76d8b6680d4e100c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:292
MAX_TILE_HEIGHT = int(os.getenv("MAX_TILE_HEIGHT", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7d8e445d857591e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:293
OPENAI_FILE_SEARCH_COST_PER_1K_CALLS = float(os.getenv("OPENAI_FILE_SEARCH_COST_PER_1K_CALLS", 2.5 / 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a76a34416d110c6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:297
    os.getenv("AZURE_FILE_SEARCH_COST_PER_GB_PER_DAY", 0.1)  # $0.1 USD per 1 GB/Day

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7147db35e4d71ed3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:300
    os.getenv("AZURE_COMPUTER_USE_INPUT_COST_PER_1K_TOKENS", 3.0)  # $0.003 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d9857d38d7dd5d8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:303
    os.getenv("AZURE_COMPUTER_USE_OUTPUT_COST_PER_1K_TOKENS", 12.0)  # $0.012 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffe2a456b00a649f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:306
    os.getenv("AZURE_VECTOR_STORE_COST_PER_GB_PER_DAY", 0.1)  # $0.1 USD per 1 GB/Day (same as file search)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aba99561589db08 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:308
MIN_NON_ZERO_TEMPERATURE = float(os.getenv("MIN_NON_ZERO_TEMPERATURE", 0.0001))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad3ca4994207963c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:311
    os.getenv("REPEATED_STREAMING_CHUNK_LIMIT", 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e16b2c1e53e9b69 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:315
DEFAULT_MAX_LRU_CACHE_SIZE = int(os.getenv("DEFAULT_MAX_LRU_CACHE_SIZE", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3619239ccfb52291 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:317
INITIAL_RETRY_DELAY = float(os.getenv("INITIAL_RETRY_DELAY", 0.5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b33c3ec5ab097023 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:318
MAX_RETRY_DELAY = float(os.getenv("MAX_RETRY_DELAY", 8.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b369b4ebc33dc802 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:319
JITTER = float(os.getenv("JITTER", 0.75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88134ce22d1e9f7f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:320
DEFAULT_IN_MEMORY_TTL = int(os.getenv("DEFAULT_IN_MEMORY_TTL", 5))  # default time to live for the in-memory cache

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af9a6bd06b69cc1e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:322
    os.getenv("DEFAULT_MAX_REDIS_BATCH_CACHE_SIZE", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59279036d540460d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:325
    os.getenv("DEFAULT_POLLING_INTERVAL", 0.03)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2002ab1ee72afa36 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:327
AZURE_OPERATION_POLLING_TIMEOUT = int(os.getenv("AZURE_OPERATION_POLLING_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b8e688b738bdd87 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:328
AZURE_DOCUMENT_INTELLIGENCE_API_VERSION = str(os.getenv("AZURE_DOCUMENT_INTELLIGENCE_API_VERSION", "2024-11-30"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #445b077f88652e90 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:329
AZURE_DOCUMENT_INTELLIGENCE_DEFAULT_DPI = int(os.getenv("AZURE_DOCUMENT_INTELLIGENCE_DEFAULT_DPI", 96))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4db1825e3d3daa39 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:330
REDIS_SOCKET_TIMEOUT = float(os.getenv("REDIS_SOCKET_TIMEOUT", 0.1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9046c5d3c884a0ea Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:331
REDIS_CONNECTION_POOL_TIMEOUT = int(os.getenv("REDIS_CONNECTION_POOL_TIMEOUT", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b4a3be2dee65d84 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:332
REDIS_CIRCUIT_BREAKER_FAILURE_THRESHOLD = int(os.getenv("REDIS_CIRCUIT_BREAKER_FAILURE_THRESHOLD", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5c01a77a6547118 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:333
REDIS_CIRCUIT_BREAKER_RECOVERY_TIMEOUT = int(os.getenv("REDIS_CIRCUIT_BREAKER_RECOVERY_TIMEOUT", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8485caed4830b3d7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:334
REDIS_CIRCUIT_BREAKER_ENABLED = os.getenv("REDIS_CIRCUIT_BREAKER_ENABLED", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8725ea29ff6f1674 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:337
DEFAULT_REDIS_MAJOR_VERSION = int(os.getenv("DEFAULT_REDIS_MAJOR_VERSION", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2075d4737b7e4cb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:339
    os.getenv("NON_LLM_CONNECTION_TIMEOUT", 15)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78dbcad5dc132359 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:341
MAX_EXCEPTION_MESSAGE_LENGTH = int(os.getenv("MAX_EXCEPTION_MESSAGE_LENGTH", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f75473dd218e1e79 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:342
MAX_STRING_LENGTH_PROMPT_IN_DB = int(os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB", 2048))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe8101793b3a7340 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:343
BEDROCK_MAX_POLICY_SIZE = int(os.getenv("BEDROCK_MAX_POLICY_SIZE", 75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #467f4194af129771 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:344
BEDROCK_MIN_THINKING_BUDGET_TOKENS = int(os.getenv("BEDROCK_MIN_THINKING_BUDGET_TOKENS", 1024))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32e229dd2d75f8af Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:347
REPLICATE_POLLING_DELAY_SECONDS = float(os.getenv("REPLICATE_POLLING_DELAY_SECONDS", 0.5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ee3840dabb682ea Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:348
DEFAULT_ANTHROPIC_CHAT_MAX_TOKENS = int(os.getenv("DEFAULT_ANTHROPIC_CHAT_MAX_TOKENS", 4096))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b48981f62f6256c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:350
TOGETHER_AI_4_B = int(os.getenv("TOGETHER_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02efbec0b977c5d6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:351
TOGETHER_AI_8_B = int(os.getenv("TOGETHER_AI_8_B", 8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b584cfc3ae8da85 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:352
TOGETHER_AI_21_B = int(os.getenv("TOGETHER_AI_21_B", 21))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e61ab7e72f35dd33 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:353
TOGETHER_AI_41_B = int(os.getenv("TOGETHER_AI_41_B", 41))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce74e4774c097a34 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:354
TOGETHER_AI_80_B = int(os.getenv("TOGETHER_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ff74380825b6ee8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:355
TOGETHER_AI_110_B = int(os.getenv("TOGETHER_AI_110_B", 110))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b0d23f766ecfb8d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:356
TOGETHER_AI_EMBEDDING_150_M = int(os.getenv("TOGETHER_AI_EMBEDDING_150_M", 150))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f31a094a880457f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:357
TOGETHER_AI_EMBEDDING_350_M = int(os.getenv("TOGETHER_AI_EMBEDDING_350_M", 350))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6428deac9d4fd2a0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:358
QDRANT_SCALAR_QUANTILE = float(os.getenv("QDRANT_SCALAR_QUANTILE", 0.99))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a144ac4553f1b3fb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:359
QDRANT_VECTOR_SIZE = int(os.getenv("QDRANT_VECTOR_SIZE", 1536))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bcb992d4898b4f2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:360
CACHED_STREAMING_CHUNK_DELAY = float(os.getenv("CACHED_STREAMING_CHUNK_DELAY", 0.02))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e7a6e31051bfb49 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:362
    os.getenv("AUDIO_SPEECH_CHUNK_SIZE", 8192)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8a8dd08675d1284 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:364
DEFAULT_MAX_TOKENS_FOR_TRITON = int(os.getenv("DEFAULT_MAX_TOKENS_FOR_TRITON", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85440e8927931733 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:377
request_timeout: float = float(os.getenv("REQUEST_TIMEOUT", str(int(DEFAULT_REQUEST_TIMEOUT_SECONDS))))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55aab37aadf22a6d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:378
request_timeout_explicitly_set: bool = "REQUEST_TIMEOUT" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c86cbeb777c9c9c6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:379
DEFAULT_A2A_AGENT_TIMEOUT: float = float(os.getenv("DEFAULT_A2A_AGENT_TIMEOUT", 6000))  # 10 minutes

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf599bfe90cc16c8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:400
    os.getenv("DEFAULT_REPLICATE_GPU_PRICE_PER_SECOND", 0.001400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70baa8c0c6cd76a6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:402
FIREWORKS_AI_56_B_MOE = int(os.getenv("FIREWORKS_AI_56_B_MOE", 56))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47512b817c0d3180 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:403
FIREWORKS_AI_176_B_MOE = int(os.getenv("FIREWORKS_AI_176_B_MOE", 176))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ee91608924e1aa8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:404
FIREWORKS_AI_4_B = int(os.getenv("FIREWORKS_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28afb37a01146b2e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:405
FIREWORKS_AI_16_B = int(os.getenv("FIREWORKS_AI_16_B", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4015e5c7324b37d3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:406
FIREWORKS_AI_80_B = int(os.getenv("FIREWORKS_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #917d01ed3736e844 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:409
MAX_LANGFUSE_INITIALIZED_CLIENTS = int(os.getenv("MAX_LANGFUSE_INITIALIZED_CLIENTS", 50))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #867dfde36645621c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:410
LOGGING_WORKER_CONCURRENCY = int(os.getenv("LOGGING_WORKER_CONCURRENCY", 100))  # Must be above 0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dc0f72ade2fe0ee Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:411
LOGGING_WORKER_MAX_QUEUE_SIZE = int(os.getenv("LOGGING_WORKER_MAX_QUEUE_SIZE", 50_000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #997c68d1c2c6a9e3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:412
LOGGING_WORKER_MAX_TIME_PER_COROUTINE = float(os.getenv("LOGGING_WORKER_MAX_TIME_PER_COROUTINE", 20.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdafe94ff1923359 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:414
    os.getenv("LOGGING_WORKER_CLEAR_PERCENTAGE", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11e9d3a940cf4d99 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:416
MAX_ITERATIONS_TO_CLEAR_QUEUE = int(os.getenv("MAX_ITERATIONS_TO_CLEAR_QUEUE", 200))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #652d668fbb4ebaf8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:417
MAX_TIME_TO_CLEAR_QUEUE = float(os.getenv("MAX_TIME_TO_CLEAR_QUEUE", 5.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f23431bb8995b41 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:419
    os.getenv("LOGGING_WORKER_AGGRESSIVE_CLEAR_COOLDOWN_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d461ed482607321e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:421
DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE = os.getenv(
    "DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE", "streaming.chunk.yield"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47fce35336eb68a0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:427
EMAIL_BUDGET_ALERT_TTL = int(os.getenv("EMAIL_BUDGET_ALERT_TTL", 24 * 60 * 60))  # 24 hours in seconds

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19ddc972beb50de9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:429
    os.getenv("EMAIL_BUDGET_ALERT_MAX_SPEND_ALERT_PERCENTAGE", 0.8)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24965333f87cddde Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:433
ANTHROPIC_TOKEN_COUNTING_BETA_VERSION = os.getenv("ANTHROPIC_TOKEN_COUNTING_BETA_VERSION", "token-counting-2024-11-01")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adfbd0480fb3588f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:448
DEFAULT_GOOGLE_VIDEO_DURATION_SECONDS = int(os.getenv("DEFAULT_GOOGLE_VIDEO_DURATION_SECONDS", 8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16475d9a12749065 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:452
    os.getenv("DEFAULT_DATAFORSEO_LOCATION_CODE", 2250)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57dfa72a97fe072b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1260
HUMANLOOP_PROMPT_CACHE_TTL_SECONDS = int(os.getenv("HUMANLOOP_PROMPT_CACHE_TTL_SECONDS", 60))  # 1 minute

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e37ceba991dec97 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1266
    os.getenv("PROMETHEUS_BUDGET_METRICS_REFRESH_INTERVAL_MINUTES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ce6c5c0f6509cbb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1268
CLOUDZERO_EXPORT_INTERVAL_MINUTES = int(os.getenv("CLOUDZERO_EXPORT_INTERVAL_MINUTES", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af3bd616c52efd65 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1270
MAXIMUM_TRACEBACK_LINES_TO_LOG = int(os.getenv("MAXIMUM_TRACEBACK_LINES_TO_LOG", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8948aaa3a20ca3a9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1293
    os.getenv("MAX_SPENDLOG_ROWS_TO_QUERY", 1_000_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45c4af089cda640a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1296
    os.getenv("DEFAULT_SOFT_BUDGET", 50.0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ca12be924719ca2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1303
PYTHON_GC_THRESHOLD = os.getenv("PYTHON_GC_THRESHOLD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #580fac1361493c4d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1331
BATCH_STATUS_POLL_INTERVAL_SECONDS = int(os.getenv("BATCH_STATUS_POLL_INTERVAL_SECONDS", 3600))  # 1 hour

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55d970a4dba78b28 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1332
BATCH_STATUS_POLL_MAX_ATTEMPTS = int(os.getenv("BATCH_STATUS_POLL_MAX_ATTEMPTS", 24))  # for 24 hours

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ab5a46a9604309d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1334
HEALTH_CHECK_TIMEOUT_SECONDS = int(os.getenv("HEALTH_CHECK_TIMEOUT_SECONDS", 60))  # 60 seconds

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a1984efc5dfe195 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1335
_background_health_check_max_tokens_env = os.getenv("BACKGROUND_HEALTH_CHECK_MAX_TOKENS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0539b47d3d509a5b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1347
_background_health_check_max_tokens_reasoning_env = os.getenv("BACKGROUND_HEALTH_CHECK_MAX_TOKENS_REASONING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0ab91e1e75e59e1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1378
LITELLM_KEY_ROTATION_ENABLED = os.getenv("LITELLM_KEY_ROTATION_ENABLED", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04b7b855dc3df771 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1380
    os.getenv("LITELLM_KEY_ROTATION_CHECK_INTERVAL_SECONDS", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #136677e374d935ad Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1382
LITELLM_KEY_ROTATION_GRACE_PERIOD: str = os.getenv(
    "LITELLM_KEY_ROTATION_GRACE_PERIOD", ""
)  # Duration to keep old key valid after rotation (e.g. "24h", "2d"); empty = immediate revoke (default)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37c704d37af21dfa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1386
    os.getenv("LITELLM_KEY_ROTATION_LOCK_TTL_SECONDS", 600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efc81bc52e644979 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1389
LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_ENABLED = os.getenv("LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_ENABLED", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0219a25c857446f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1391
    os.getenv("LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_INTERVAL_SECONDS", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ccf615eb7b5644b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1394
    os.getenv("LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_BATCH_SIZE", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f69af952abf9bcf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1406
    os.getenv("CLI_JWT_EXPIRATION_HOURS") or os.getenv("LITELLM_CLI_JWT_EXPIRATION_HOURS") or 24

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c1f20e6d38e467d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1410
CLI_SSO_CLAIM_MAP = os.getenv("CLI_SSO_CLAIM_MAP") or os.getenv("LITELLM_CLI_SSO_CLAIM_MAP") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc700d713c5a3de4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1416
LITELLM_UI_SESSION_DURATION = os.getenv("LITELLM_UI_SESSION_DURATION", "24h")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc243be6743185b1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1424
CLOUDZERO_MAX_FETCHED_DATA_RECORDS = int(os.getenv("CLOUDZERO_MAX_FETCHED_DATA_RECORDS", 50000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e0329d3703e0a0e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1428
SPEND_LOG_RUN_LOOPS = int(os.getenv("SPEND_LOG_RUN_LOOPS", 500))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fd0a4930f05f355 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1429
SPEND_LOG_CLEANUP_BATCH_SIZE = int(os.getenv("SPEND_LOG_CLEANUP_BATCH_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff89778a82875f5f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1430
SPEND_LOG_CLEANUP_MAX_CONSECUTIVE_BATCH_FAILURES = int(os.getenv("SPEND_LOG_CLEANUP_MAX_CONSECUTIVE_BATCH_FAILURES", 3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1e808603177f82c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1432
    os.getenv("SPEND_LOG_CLEANUP_BATCH_FAILURE_BACKOFF_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d354bd2784c6328a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1434
SPEND_LOG_PARTITION_INTERVAL = os.getenv("SPEND_LOG_PARTITION_INTERVAL", "day")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #216e59ca5d83457f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1435
SPEND_LOG_PARTITION_PRECREATE_AHEAD = int(os.getenv("SPEND_LOG_PARTITION_PRECREATE_AHEAD", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2ba7eb0e4b1daa9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1436
SPEND_LOG_QUEUE_SIZE_THRESHOLD = int(os.getenv("SPEND_LOG_QUEUE_SIZE_THRESHOLD", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #137cfca3d4e731cb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1437
SPEND_LOG_QUEUE_POLL_INTERVAL = float(os.getenv("SPEND_LOG_QUEUE_POLL_INTERVAL", 2.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccea485533b71957 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1438
SPEND_COUNTER_RESEED_LOCKS_MAX_SIZE = int(os.getenv("SPEND_COUNTER_RESEED_LOCKS_MAX_SIZE", 10000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a3612d0b695a5aa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1439
DEFAULT_CRON_JOB_LOCK_TTL_SECONDS = int(os.getenv("DEFAULT_CRON_JOB_LOCK_TTL_SECONDS", 60))  # 1 minute

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f32ff70ca630d95 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1440
PROXY_BUDGET_RESCHEDULER_MIN_TIME = int(os.getenv("PROXY_BUDGET_RESCHEDULER_MIN_TIME", 597))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86c1c48ab5c3744d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1441
PROXY_BATCH_POLLING_INTERVAL = int(os.getenv("PROXY_BATCH_POLLING_INTERVAL", 3600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e76a1efdc81918b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1442
MAX_OBJECTS_PER_POLL_CYCLE = max(1, int(os.getenv("MAX_OBJECTS_PER_POLL_CYCLE", 50)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a492d5364ea5e8a3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1443
MANAGED_OBJECT_STALENESS_CUTOFF_DAYS = max(1, int(os.getenv("MANAGED_OBJECT_STALENESS_CUTOFF_DAYS", 7)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecc4eb387b265848 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1444
STALE_OBJECT_CLEANUP_BATCH_SIZE = max(1, int(os.getenv("STALE_OBJECT_CLEANUP_BATCH_SIZE", 1000)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #899b5fce0f0658b4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1448
_batch_polling_env = os.getenv("PROXY_BATCH_POLLING_ENABLED", "true").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95d025974b8a612d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1450
PROXY_BUDGET_RESCHEDULER_MAX_TIME = int(os.getenv("PROXY_BUDGET_RESCHEDULER_MAX_TIME", 605))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54c68c57ec9d36cd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1451
PROXY_BATCH_WRITE_AT = int(os.getenv("PROXY_BATCH_WRITE_AT", 10))  # in seconds, increased from 10

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b404699d5e21e710 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1455
APSCHEDULER_COALESCE = os.getenv("APSCHEDULER_COALESCE", "True").lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6aabc7d1dabb019c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1460
    os.getenv("APSCHEDULER_MISFIRE_GRACE_TIME", 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1050f4cda65de4a4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1462
APSCHEDULER_MAX_INSTANCES = int(os.getenv("APSCHEDULER_MAX_INSTANCES", 1))  # prevent concurrent job instances

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e059aacd32a11ff Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1463
APSCHEDULER_REPLACE_EXISTING = os.getenv("APSCHEDULER_REPLACE_EXISTING", "True").lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3191f4448625f67f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1472
DEFAULT_HEALTH_CHECK_INTERVAL = int(os.getenv("DEFAULT_HEALTH_CHECK_INTERVAL", 300))  # 5 minutes

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f94fd4fee0993584 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1474
    os.getenv("DEFAULT_SHARED_HEALTH_CHECK_TTL", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #921424274fed7033 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1477
    os.getenv("DEFAULT_SHARED_HEALTH_CHECK_LOCK_TTL", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42431e412b78a099 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1480
PROMETHEUS_FALLBACK_STATS_SEND_TIME_HOURS = int(os.getenv("PROMETHEUS_FALLBACK_STATS_SEND_TIME_HOURS", 9))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6587526e4864dd9e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1482
    os.getenv("DEFAULT_MODEL_CREATED_AT_TIME", 1677610602)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9d6f9db517cbad0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1484
DEFAULT_SLACK_ALERTING_THRESHOLD = int(os.getenv("DEFAULT_SLACK_ALERTING_THRESHOLD", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61cda6715c5ca23d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1485
MAX_TEAM_LIST_LIMIT = int(os.getenv("MAX_TEAM_LIST_LIMIT", 20))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28249758b89cf165 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1486
MAX_POLICY_ESTIMATE_IMPACT_ROWS = int(os.getenv("MAX_POLICY_ESTIMATE_IMPACT_ROWS", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0a08f10878cc631 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1487
DEFAULT_PROMPT_INJECTION_SIMILARITY_THRESHOLD = float(os.getenv("DEFAULT_PROMPT_INJECTION_SIMILARITY_THRESHOLD", 0.7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00d523f0641f09b0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1488
LENGTH_OF_LITELLM_GENERATED_KEY = int(os.getenv("LENGTH_OF_LITELLM_GENERATED_KEY", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc35e1e75f229743 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1489
SECRET_MANAGER_REFRESH_INTERVAL = int(os.getenv("SECRET_MANAGER_REFRESH_INTERVAL", 86400))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36d862300684caae Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1501
DEFAULT_MANAGEMENT_OBJECT_IN_MEMORY_CACHE_TTL = int(os.getenv("DEFAULT_MANAGEMENT_OBJECT_IN_MEMORY_CACHE_TTL", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cf33ebdc75235e0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1502
DEFAULT_ACCESS_GROUP_CACHE_TTL = int(os.getenv("DEFAULT_ACCESS_GROUP_CACHE_TTL", 600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62ed792d2519dd67 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1581
COROUTINE_CHECKER_MAX_SIZE_IN_MEMORY = int(os.getenv("COROUTINE_CHECKER_MAX_SIZE_IN_MEMORY", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #497a4b71a91e4f73 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1584
DEFAULT_CHUNK_SIZE = int(os.getenv("DEFAULT_CHUNK_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04efa29e092377e5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1585
DEFAULT_CHUNK_OVERLAP = int(os.getenv("DEFAULT_CHUNK_OVERLAP", 200))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb8bf71ccf2fea64 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1588
S3_VECTORS_DEFAULT_DIMENSION = int(os.getenv("S3_VECTORS_DEFAULT_DIMENSION", 1024))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2f5c8d759efc9cf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1589
S3_VECTORS_DEFAULT_DISTANCE_METRIC = str(os.getenv("S3_VECTORS_DEFAULT_DISTANCE_METRIC", "cosine"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abacdd11bb3c0754 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1593
MICROSOFT_USER_EMAIL_ATTRIBUTE = str(os.getenv("MICROSOFT_USER_EMAIL_ATTRIBUTE", "userPrincipalName"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ff89cc930469222 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1594
MICROSOFT_USER_DISPLAY_NAME_ATTRIBUTE = str(os.getenv("MICROSOFT_USER_DISPLAY_NAME_ATTRIBUTE", "displayName"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a8458a0fd7419c7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1595
MICROSOFT_USER_ID_ATTRIBUTE = str(os.getenv("MICROSOFT_USER_ID_ATTRIBUTE", "id"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc4202a29523e9d4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1596
MICROSOFT_USER_FIRST_NAME_ATTRIBUTE = str(os.getenv("MICROSOFT_USER_FIRST_NAME_ATTRIBUTE", "givenName"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #491c67f10272d65b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1597
MICROSOFT_USER_LAST_NAME_ATTRIBUTE = str(os.getenv("MICROSOFT_USER_LAST_NAME_ATTRIBUTE", "surname"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13985ba4eeb2d0ed Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1601
MAX_PAYLOAD_SIZE_FOR_DEBUG_LOG = int(os.getenv("MAX_PAYLOAD_SIZE_FOR_DEBUG_LOG", 102400))  # 100 KB

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa70c1964463ec1c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1604
MAX_COMPETITOR_NAMES = int(os.getenv("MAX_COMPETITOR_NAMES", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1297e92a82edd9bc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1605
COMPETITOR_LLM_TEMPERATURE = float(os.getenv("COMPETITOR_LLM_TEMPERATURE", 0.3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ad98a215bcd4e53 Filesystem access.
pkgs/python/[email protected]/litellm/containers/endpoint_factory.py:40
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60e1fa6091ab214e Environment-variable access.
pkgs/python/[email protected]/litellm/experimental_mcp_client/client.py:326
            if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50324c3dce49ac2a Environment-variable access.
pkgs/python/[email protected]/litellm/experimental_mcp_client/client.py:327
                safe_env[key] = os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0e7b15755f1b888 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:201
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c0fd37d940c20ae Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:202
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c23d6382246ca1e Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:208
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88af9e8878b58f67 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:216
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bb44dda51263899 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:414
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ce8520d727d1631 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:415
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e80fb9f1c01df58e Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:421
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a81e5e3a8152680 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:429
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7e4d3d3488f6c7a Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:572
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd5c9afdeb28f13e Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:573
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ab4184a7a1359df Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:579
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2d08613d11ad825 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:587
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5159d83874a7862d Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:725
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4912b22d6e22e775 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:726
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84475a59274e1904 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:730
                optional_params.organization or litellm.organization or os.getenv("OPENAI_ORGANIZATION", None) or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72dd54e7242f10be Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:732
            api_key = optional_params.api_key or litellm.api_key or litellm.openai_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e0302b7288699e7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1041
    base_url={os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87fbc15336b34d8f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1086
        webhook_url = os.getenv("WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #235527e18498e3f2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1131
            email_logo_url = os.getenv("SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee2b43a6ef4f3a61 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1132
            email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dae8d0050ed54c07 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1150
            base_url = os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aa67ecaf31b3772 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1219
        email_logo_url = os.getenv("SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ceabaeec4de4af34 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1220
        email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afcbb22056cec0f1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1330
                _digest_webhook = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e1edec118744a6e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1357
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea9a4f371735536e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1383
            slack_webhook_url = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f451202c003d25af Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1459
                _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6bb8491e3af82cb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:24
            api_key=os.getenv("AGENTOPS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acfed071e9219e9e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:25
            service_name=os.getenv("AGENTOPS_SERVICE_NAME", "agentops"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ceda78e50759be65 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:26
            deployment_environment=os.getenv("AGENTOPS_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62068abbe89d3fcc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:59
            float(os.getenv("ARGILLA_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89daf2d969d69ee0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:60
            if os.getenv("ARGILLA_SAMPLING_RATE") is not None and os.getenv("ARGILLA_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19eceff64ed25d73 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:65
        _batch_size = os.getenv("ARGILLA_BATCH_SIZE", None) or litellm.argilla_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0b52d4232ee1cec Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:88
        _credentials_api_key = argilla_api_key or os.getenv("ARGILLA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5313553a510c9c8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:92
        _credentials_base_url = argilla_base_url or os.getenv("ARGILLA_BASE_URL") or "http://localhost:6900/"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f78173616454e1b1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:96
        _credentials_dataset_name = argilla_dataset_name or os.getenv("ARGILLA_DATASET_NAME") or "litellm-completion"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b13003499e9041eb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:199
                float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c3173478f05cd4d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:200
                if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd9f4bee302f9d44 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:201
                and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7d202ffc87d8d8a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/__init__.py:20
    api_key = getattr(litellm_params, "api_key", None) or os.environ.get("PHOENIX_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55040dc159509aaa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:86
        space_id = os.environ.get("ARIZE_SPACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b52f581b9a44fbf Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:87
        space_key = os.environ.get("ARIZE_SPACE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19e1f67962e2728f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:88
        api_key = os.environ.get("ARIZE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #037968c760aca11e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:89
        project_name = os.environ.get("ARIZE_PROJECT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dff403a17c6beaa3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:91
        grpc_endpoint = os.environ.get("ARIZE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5e8b1b8473bd47b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:92
        http_endpoint = os.environ.get("ARIZE_HTTP_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9446e088b37b7b0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:284
            os.environ.get("PHOENIX_PROJECT_NAME") or os.environ.get("ARIZE_PROJECT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9edfa06f25bff49d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:396
        api_key = os.environ.get("PHOENIX_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9431f63946a8698 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:398
        collector_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83b7b1d8a717ffe4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:401
            grpc_endpoint = os.environ.get("PHOENIX_COLLECTOR_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47381e1df7cfa65b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:402
            http_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32713ae04e60d0e2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:441
        project_name = os.environ.get("PHOENIX_PROJECT_NAME") or "default"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37526c0f688f3f15 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:10
        self.athina_api_key = os.getenv("ATHINA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba5de88e18a0385 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:15
        self.athina_logging_url = os.getenv("ATHINA_BASE_URL", "https://log.athina.ai") + "/api/v1/log/inference"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a2be97668a8e5c5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:68
        resolved_dcr_immutable_id = dcr_immutable_id or os.getenv("AZURE_SENTINEL_DCR_IMMUTABLE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acaf3f06d31c1006 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:69
        resolved_stream_name = stream_name or os.getenv("AZURE_SENTINEL_STREAM_NAME") or "Custom-LiteLLM"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c888c62eb3d00221 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:71
        resolved_endpoint = endpoint or os.getenv("AZURE_SENTINEL_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db7b81909cd8f497 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:72
        resolved_tenant_id = tenant_id or os.getenv("AZURE_SENTINEL_TENANT_ID") or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91bc7e3f1be0136e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:73
        resolved_client_id = client_id or os.getenv("AZURE_SENTINEL_CLIENT_ID") or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bcc8a7e1b64fcc3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:75
            client_secret or os.getenv("AZURE_SENTINEL_CLIENT_SECRET") or os.getenv("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eefa1f6360c61638 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:30
            self.tenant_id = os.getenv("AZURE_STORAGE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deba77fb140ec4d8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:31
            self.client_id = os.getenv("AZURE_STORAGE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e43282107b2d152 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:32
            self.client_secret = os.getenv("AZURE_STORAGE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caa9efc1df2fd821 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:33
            self.azure_storage_account_key: Optional[str] = os.getenv("AZURE_STORAGE_ACCOUNT_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fb0818a312e4ae3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:36
            _azure_storage_account_name = os.getenv("AZURE_STORAGE_ACCOUNT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f5e3be19d3eda55 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:40
            _azure_storage_file_system = os.getenv("AZURE_STORAGE_FILE_SYSTEM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #664291a5729c163d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:44
        self.api_base = api_base or os.getenv("BRAINTRUST_API_BASE") or API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #405f83b03c8b0e93 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:46
        self.api_key: str = api_key or os.getenv("BRAINTRUST_API_KEY")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5505fecee5ee2e23 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:63
        if api_key is None and os.getenv("BRAINTRUST_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c46882bf9fd906b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_mock_client.py:54
_MOCK_LATENCY_SECONDS = float(os.getenv("BRAINTRUST_MOCK_LATENCY_MS", "100")) / 1000.0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d25bd3db4ee2a09 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:37
        self.api_key = api_key or os.getenv("CLOUDZERO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0091af067d7e6eb6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:38
        self.connection_id = connection_id or os.getenv("CLOUDZERO_CONNECTION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c37d1126db81932a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:39
        self.timezone = timezone or os.getenv("CLOUDZERO_TIMEZONE", "UTC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36159ff0885d7c14 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:73
    raw = os.getenv("DD_BATCH_SIZE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be55336c527ff19d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:144
            resolved_agent_host = dd_agent_host or os.getenv("LITELLM_DD_AGENT_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88fd06bedef6b793 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:206
        resolved_port = dd_agent_port or os.getenv("LITELLM_DD_AGENT_PORT", "10518")  # default port for logs

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #233368da3408f640 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:209
            os.getenv("DD_API_KEY") if allow_env_credentials else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a91a883d8f32188 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:230
        resolved_api_key = dd_api_key or (os.getenv("DD_API_KEY") if allow_env_credentials else None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b82b7d3952ebd1c6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:231
        resolved_site = dd_site or os.getenv("DD_SITE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #593d12c2c79493e2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:49
        self.dd_api_key = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd765827c775acb0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:50
        self.dd_app_key = os.getenv("DD_APP_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee592fb2f50b2818 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:51
        self.dd_site = os.getenv("DD_SITE", "datadoghq.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ff203d633a9df8e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:12
    return os.getenv("DD_SOURCE", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee78817bfd38ec1a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:16
    return os.getenv("DD_SERVICE", "litellm-server")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d336b0dfe1dd5374 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:20
    return os.getenv("HOSTNAME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1470e500cac45fb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:28
    return os.getenv("DD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbf12cfbaffd4484 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:32
    return os.getenv("DD_ENV", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a4f644c6e05b30c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:36
    return os.getenv("POD_NAME", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e51bfd068c82a55 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:52
        "version": os.getenv("DD_VERSION", "unknown"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #549708ed7926fa1f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:61
            dd_agent_host = os.getenv("LITELLM_DD_AGENT_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1a2db646c16abc4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:64
            self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8135c8ee7869cbc9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:70
                if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a220d3494d08963 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:72
                if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b070a5518a186c1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:103
        agent_port = os.getenv("LITELLM_DD_LLM_OBS_PORT", "8126")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db099ea7899d4179 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:115
        self.DD_SITE = os.getenv("DD_SITE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1101ed6a7c6972d7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:32
        self.dd_api_key = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42f4d13e29dc5ab9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:33
        self.dd_app_key = os.getenv("DD_APP_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dd9cd077b525726 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:34
        self.dd_site = os.getenv("DD_SITE", "datadoghq.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ec18fe3852edd82 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:72
            f"version:{os.getenv('DD_VERSION', 'unknown')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfb01d67b5978a82 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:24
        api_key = os.getenv("CONFIDENT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e0ea17a57187441 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:25
        self.litellm_environment = os.getenv("LITELM_ENVIRONMENT", "development")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b6b513daa78e23b Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:151
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #def385c83be9c520 Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:308
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8b9d41a4cb79c0e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/dynamodb.py:19
        self.dynamodb: Any = boto3.resource("dynamodb", region_name=os.environ["AWS_REGION_NAME"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #655969df32e27f72 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:79
    email_logo_url = os.getenv("SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9b255a768125f12 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:80
    email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d06cc8dff6c14b48 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:46
                "bucket_name": overrides.get("bucket_name") or os.getenv("FOCUS_S3_BUCKET_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b12d5c4584fbf3e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:47
                "region_name": overrides.get("region_name") or os.getenv("FOCUS_S3_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2bfb203c18f6748 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:48
                "endpoint_url": overrides.get("endpoint_url") or os.getenv("FOCUS_S3_ENDPOINT_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bf2168983b71c1e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:49
                "aws_access_key_id": overrides.get("aws_access_key_id") or os.getenv("FOCUS_S3_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15fe6900c76399b4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:50
                "aws_secret_access_key": overrides.get("aws_secret_access_key") or os.getenv("FOCUS_S3_SECRET_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9802e8aa03a13c92 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:51
                "aws_session_token": overrides.get("aws_session_token") or os.getenv("FOCUS_S3_SESSION_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cefea129ffccf907 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:58
                "api_key": overrides.get("api_key") or os.getenv("VANTAGE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ecd543202b85335 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:59
                "integration_token": overrides.get("integration_token") or os.getenv("VANTAGE_INTEGRATION_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3e8dcd61e4f43b8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:60
                "base_url": overrides.get("base_url") or os.getenv("VANTAGE_BASE_URL", "https://api.vantage.sh"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad5326738865a5c8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:69
                "bucket_name": overrides.get("bucket_name") or os.getenv("FOCUS_GCS_BUCKET_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #098155c6dfb8a9c5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:71
                or os.getenv("FOCUS_GCS_PATH_SERVICE_ACCOUNT"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f30a380de4331e0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:78
                "api_key": overrides.get("api_key") or os.getenv("MAVVRIK_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61ae6af73d0179f0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:79
                "api_endpoint": overrides.get("api_endpoint") or os.getenv("MAVVRIK_API_ENDPOINT"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cd5613ad09f2e86 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:80
                "connection_id": overrides.get("connection_id") or os.getenv("MAVVRIK_CONNECTION_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dafd6c1166006ba5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:41
        self.provider = (provider or os.getenv("FOCUS_PROVIDER") or "s3").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73e4c5990b6e2a87 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:42
        self.export_format = (export_format or os.getenv("FOCUS_FORMAT") or "parquet").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a026fb46aa2431d5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:43
        self.frequency = (frequency or os.getenv("FOCUS_FREQUENCY") or "hourly").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fb688a9fd2f8b84 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:45
            cron_offset_minute if cron_offset_minute is not None else int(os.getenv("FOCUS_CRON_OFFSET", "5"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd3174d48fd38930 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:47
        raw_interval = interval_seconds if interval_seconds is not None else os.getenv("FOCUS_INTERVAL_SECONDS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61ecccc736c47eca Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:57
        env_prefix = os.getenv("FOCUS_PREFIX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f45f92d1f24122e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:64
        self.api_key = os.getenv("GALILEO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8e37315260f32f8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:65
        self.project_id = os.getenv("GALILEO_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e43b083bf00ed8b1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:66
        self.log_stream_id = os.getenv("GALILEO_LOG_STREAM_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec8a19926b54935c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:67
        self.username = os.getenv("GALILEO_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c56f68f277304da5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:68
        self.password = os.getenv("GALILEO_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82720d20ccf65e7d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:69
        self.base_url = self._normalize_base_url(os.getenv("GALILEO_BASE_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ff60084b9c068f0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:34
        self.batch_size = int(os.getenv("GCS_BATCH_SIZE", GCS_DEFAULT_BATCH_SIZE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f6be9458a134594 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:35
        self.flush_interval = int(os.getenv("GCS_FLUSH_INTERVAL", GCS_DEFAULT_FLUSH_INTERVAL_SECONDS))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee7410bb5ec8f6dc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:37
            os.getenv("GCS_USE_BATCHED_LOGGING", str(GCS_DEFAULT_USE_BATCHED_LOGGING).lower()).lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fff2d45bcb24c80 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:41
        _path_service_account = os.getenv("GCS_PATH_SERVICE_ACCOUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c5299256176818 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:42
        _bucket_name = bucket_name or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17a1857c59e1da5a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:92
        project_id = os.getenv("GOOGLE_SECRET_MANAGER_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #439000c7802f672f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:53
        self.project_id = project_id or os.getenv("GCS_PUBSUB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ea87f2b9390d223 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:54
        self.topic_id = topic_id or os.getenv("GCS_PUBSUB_TOPIC_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #975807f7c1b48226 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:55
        self.path_service_account_json = credentials_path or os.getenv("GCS_PATH_SERVICE_ACCOUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7d4528cc48b078c Filesystem access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:41
        with open(json_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15047f37d24dab09 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:90
        return os.getenv(env_var_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb73fcc402e13a96 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:154
        endpoint = endpoint or os.getenv("GENERIC_LOGGER_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16382376052f0d42 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:206
        env_headers = os.getenv("GENERIC_LOGGER_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dcc6fd203438071 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:12
        self.greenscale_api_key = os.getenv("GREENSCALE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be9faefb5e0ea0f9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:17
        self.greenscale_logging_url = os.getenv("GREENSCALE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f62cde68630cb933 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:37
        self.key = os.getenv("HELICONE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #506173451cbf54ca Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:38
        self.api_base = os.getenv("HELICONE_API_BASE") or "https://api.hconeai.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d300b521965de2a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:51
        if os.getenv("LAGO_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd152fca1a9fe6df Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:54
        if os.getenv("LAGO_API_BASE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a295f57fd5d050f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:57
        if os.getenv("LAGO_API_EVENT_CODE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #729007dac72c54e9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:89
        if os.getenv("LAGO_API_CHARGE_BY", None) is not None and isinstance(os.environ["LAGO_API_CHARGE_BY"], str):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38d41cc104d0fe46 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:90
            if os.environ["LAGO_API_CHARGE_BY"] in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f16036f3ec59cb3b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:95
                charge_by = os.environ["LAGO_API_CHARGE_BY"]  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd49febfe3838a0d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:117
                "code": os.getenv("LAGO_API_EVENT_CODE"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b1fa399d1e0d0b3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:126
        _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69cf0082e476ce30 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:135
        api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a320ef9bae6650b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:160
            _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83ab9807172f063e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:169
            api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b7442128747c3d3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:98
        secret_key = langfuse_secret or langfuse_secret_key or os.getenv("LANGFUSE_SECRET_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f72550644f8f1383 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:99
        public_key = langfuse_public_key or os.getenv("LANGFUSE_PUBLIC_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3183a055736aca30 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:101
    resolved_host = langfuse_host or os.getenv("LANGFUSE_HOST", "https://cloud.langfuse.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f258dff0f9ab480 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:132
        self.langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cee9d5fe92a37ca8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:133
        self.langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44f3d00a20d4cb1e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:162
            os.environ["LANGFUSE_PROJECT_ID"] = "mock-project-id"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b2b6418a0ac1086 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:167
                os.environ["LANGFUSE_PROJECT_ID"] = project_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3475ef2f808e4e0a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:171
        if os.getenv("UPSTREAM_LANGFUSE_SECRET_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d2507ea8711b164 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:172
            upstream_langfuse_debug_env = os.getenv("UPSTREAM_LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f180eb7cb1c454ef Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:176
            self.upstream_langfuse_secret_key = os.getenv("UPSTREAM_LANGFUSE_SECRET_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa63cf8b63c0d85a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:177
            self.upstream_langfuse_public_key = os.getenv("UPSTREAM_LANGFUSE_PUBLIC_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0774b763cf486557 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:178
            self.upstream_langfuse_host = os.getenv("UPSTREAM_LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdb3e35be9948cfd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:179
            self.upstream_langfuse_release = os.getenv("UPSTREAM_LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ab3c7a0fb4d4baa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:649
                proxy_base_url = os.environ.get("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df42924f6bf599a2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:931
        return int(os.getenv("LANGFUSE_FLUSH_INTERVAL") or flush_interval)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #531cbba40c634cb1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:224
        langfuse_environment = os.environ.get("LANGFUSE_TRACING_ENVIRONMENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a8faf67e7d510e1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:254
        return os.environ.get("LANGFUSE_OTEL_HOST") or os.environ.get("LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8433eccd46b3af7a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:263
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #341ab54ec6acb8db Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:264
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bea1602f7f4a6baa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:311
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c5213f2d4c4b846 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:312
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2ee66f59cb97f00 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:86
    langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7cf33ea12b621f6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:87
    langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #070c4ad97d40ef78 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:110
            cert=os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0c49aea7904d187 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:66
            langsmith_sampling_rate or float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2b8621bf4ec726b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:67
            if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b98dd06a38f0b83 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:68
            and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08732f303819635f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:71
        self.langsmith_default_run_name = os.getenv("LANGSMITH_DEFAULT_RUN_NAME", "LLMRun")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec0d663b17a0e659 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:73
        _batch_size = os.getenv("LANGSMITH_BATCH_SIZE", None) or litellm.langsmith_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba88c66ce12fe40e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:111
            _credentials_api_key = langsmith_api_key or os.getenv("LANGSMITH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4f2c176293fa4c6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:112
            _credentials_project = langsmith_project or os.getenv("LANGSMITH_PROJECT") or "litellm-completion"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43360d5a9ae5d9ec Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:114
                langsmith_base_url or os.getenv("LANGSMITH_BASE_URL") or "https://api.smith.langchain.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3220be3bf08f1c10 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:116
            _credentials_tenant_id = langsmith_tenant_id or os.getenv("LANGSMITH_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f5e2c8948276dae Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:52
        api_key = os.environ.get("LEVOAI_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #243009e59001ce23 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:53
        org_id = os.environ.get("LEVOAI_ORG_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4716550c98ab1df1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:54
        workspace_id = os.environ.get("LEVOAI_WORKSPACE_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3f6979e257c2a7c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:55
        collector_url = os.environ.get("LEVOAI_COLLECTOR_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bbbc485068a25e5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:28
        self.literalai_api_url = os.getenv("LITERAL_API_URL") or literalai_api_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73b309e9373b2782 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:31
            "x-api-key": literalai_api_key or os.getenv("LITERAL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06dd9892fa3bd2cb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:38
        batch_size = os.getenv("LITERAL_BATCH_SIZE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc334a4a67b4d255 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/logfire_logger.py:36
                logfire.configure(token=os.getenv("LOGFIRE_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3db01fe78bb86321 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mavvrik_focus/mavvrik_focus_logger.py:87
        frequency = os.getenv("MAVVRIK_FOCUS_FREQUENCY", "daily").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b18e6d9c2936f8ac Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mavvrik_focus/mavvrik_focus_logger.py:101
                "api_key": os.getenv("MAVVRIK_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29cd03a6649d096b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mavvrik_focus/mavvrik_focus_logger.py:102
                "api_endpoint": os.getenv("MAVVRIK_API_ENDPOINT"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1369d0ddb4a39e4d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mavvrik_focus/mavvrik_focus_logger.py:103
                "connection_id": os.getenv("MAVVRIK_CONNECTION_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d72470ab6877177 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mavvrik_focus/mavvrik_focus_logger.py:107
        raw = os.getenv("MAVVRIK_FOCUS_MAX_ROWS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e0851a77849b0b4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mock_client_factory.py:123
    _MOCK_LATENCY_SECONDS = float(os.getenv(latency_env, str(config.default_latency_ms))) / 1000.0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c47cbde38529a88 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mock_client_factory.py:270
        mock_mode = os.getenv(config.env_var, "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d616e8f2f9aa730 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/newrelic/newrelic.py:96
        self.license_key = os.getenv("NEW_RELIC_LICENSE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd2acf4ecb70659f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/newrelic/newrelic.py:97
        self.app_name = os.getenv("NEW_RELIC_APP_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d220eef4a4fe0dd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/newrelic/newrelic.py:164
        raw = os.getenv(var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a41a63a100d86b42 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:44
        if os.getenv("OPENMETER_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92ecfa9f1052bb8c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:70
        trust_request_user = os.getenv("OPENMETER_TRUST_REQUEST_USER", "true").lower() != "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #163d7722fd8bec42 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:90
            "type": os.getenv("OPENMETER_EVENT_TYPE", "litellm_tokens"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5170319e6737d76b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:99
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #151f26d6d55b7595 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:105
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20f4b7bd3b345752 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:125
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2f198f56e3a1e5c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:131
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5466808851fbefc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:69
LITELLM_TRACER_NAME = os.getenv("OTEL_TRACER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #489f483fbcf625ee Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:70
LITELLM_METER_NAME = os.getenv("LITELLM_METER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b67b6f557969b4f1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:71
LITELLM_LOGGER_NAME = os.getenv("LITELLM_LOGGER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fee2189b9805fa72 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:250
            self.service_name = os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5d505a05c9fbac2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:252
            self.deployment_environment = os.getenv("OTEL_ENVIRONMENT_NAME", "production")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa578375442b49ca Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:254
            self.model_id = os.getenv("OTEL_MODEL_ID", self.service_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #572fa13049862dbc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:256
            self.ignore_context_propagation = str_to_bool(os.getenv("OTEL_IGNORE_CONTEXT_PROPAGATION"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c42515ac1e7164a7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:259
        self.semconv_stability_opt_in |= parse_semconv_opt_in(os.getenv(OTEL_SEMCONV_STABILITY_OPT_IN_ENV))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #980f24c70d04baa0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:262
        ) or _normalize_team_metadata_keys(os.getenv("LITELLM_OTEL_BAGGAGE_TEAM_METADATA_KEYS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #426b45e9e457f46e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:277
        exporter = os.getenv("OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4948aa414934ce0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:278
        endpoint = os.getenv("OTEL_EXPORTER_OTLP_ENDPOINT", os.getenv("OTEL_ENDPOINT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #471891a48641f084 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:279
        headers = os.getenv(
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")
        )  # example: OTEL_HEADERS=x-honeycomb-team=B85YgLm96***"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #743bfc6119e4e747 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:280
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4e02ccbc1a73f91 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:282
        enable_metrics: bool = os.getenv("LITELLM_OTEL_INTEGRATION_ENABLE_METRICS", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75f44d6152e7a3c1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:283
        enable_events: bool = os.getenv("LITELLM_OTEL_INTEGRATION_ENABLE_EVENTS", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ecc0dcfabd15628 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:284
        service_name = os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e7e945534472686 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:285
        deployment_environment = os.getenv("OTEL_ENVIRONMENT_NAME", "production")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64f1919f311c2142 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:286
        model_id = os.getenv("OTEL_MODEL_ID", service_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29dd4f42a08078f4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:339
        _debug_otel = str(os.getenv("DEBUG_OTEL", "False")).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec76f54e169bc2f7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:495
        explicit = self.config.capture_message_content or os.getenv(
            "OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5ffd657f601e8ba Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2866
        otel_logs_exporter = os.getenv("OTEL_LOGS_EXPORTER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1f02487d563d648 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opik/utils.py:56
    return os.getenv((env_prefix + key).upper(), None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #720ace0029f07735 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/otel/mount.py:116
            os.environ.get("OTEL_PYTHON_FASTAPI_EXCLUDED_URLS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #444e2177daf84796 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/otel/mount.py:117
            if "OTEL_PYTHON_FASTAPI_EXCLUDED_URLS" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7944f3b8c87acb31 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:54
            if os.getenv("POSTHOG_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #570eae7f9fbcc96f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:60
            self.POSTHOG_API_KEY = os.getenv("POSTHOG_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8d7930962e5cba9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:61
            posthog_api_url = os.getenv("POSTHOG_API_URL", "https://us.i.posthog.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02654fd998bf09dd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prometheus.py:3578
        if "PROMETHEUS_MULTIPROC_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e3c7bce4e370c61 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:15
        self.key = os.getenv("PROMPTLAYER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75d0f9b545640ad9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/rubrik.py:80
        rbrk_sampling_rate = os.getenv("RUBRIK_SAMPLING_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4591cc7f175c5323 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/rubrik.py:90
        self.key = api_key or os.getenv("RUBRIK_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b267432f74c3cfca Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/rubrik.py:93
        _batch_size = os.getenv("RUBRIK_BATCH_SIZE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a30348054ea71c82 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/rubrik.py:109
        _webhook_url = api_base or os.getenv("RUBRIK_WEBHOOK_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aaaf343dffe5ec6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:18
        self.supabase_url = os.getenv("SUPABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b92ca5788bb8a1e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:19
        self.supabase_key = os.getenv("SUPABASE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a1f341ca94fbb2e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:46
        resolved_api_key = api_key or os.getenv("VANTAGE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fef28ed010e66f4e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:47
        resolved_token = integration_token or os.getenv("VANTAGE_INTEGRATION_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #119e9afa5d5f305d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:48
        resolved_base_url = base_url or os.getenv("VANTAGE_BASE_URL", "https://api.vantage.sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4ecdf97c9f84877 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:49
        resolved_frequency = (frequency or os.getenv("VANTAGE_EXPORT_FREQUENCY") or "hourly").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db7b92da9ec74e5d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:51
        raw_interval = interval_seconds or os.getenv("VANTAGE_EXPORT_INTERVAL_SECONDS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6435f4a8a7b13b5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:134
    api_key = os.getenv("WANDB_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #728e3c88b1c261f0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:135
    project_id = os.getenv("WANDB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea1bcad782928064 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:136
    host = os.getenv("WANDB_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #935d7a61743abcfa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:161
    os.environ["OTEL_EXPORTER_OTLP_ENDPOINT"] = endpoint

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10a1e8d212b780f7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:162
    os.environ["OTEL_EXPORTER_OTLP_HEADERS"] = otlp_auth_headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #487e93906d7077f0 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:70
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0618ec27e0672925 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:88
                with open(str(content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59a3e3699795a0e7 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:174
                with open(str(file_content_obj), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ae9902c115e4c08 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:220
    return open(file_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212597ec1cdae868 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:257
            with open(str(file), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45535ebe47490441 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/cli_token_utils.py:28
        with open(token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3db2cd55e7be8210 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:19
custom_cache_dir = os.getenv("CUSTOM_TIKTOKEN_CACHE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e98bbfc86da713fd Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:27
os.environ["TIKTOKEN_CACHE_DIR"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d56e750c9656d93 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/env_utils.py:14
    raw = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80ea31a009330598 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_blog_posts.py:54
        content = json.loads(files("litellm").joinpath("blog_posts.json").read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e672305fb544b0a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_blog_posts.py:131
        if os.getenv("LITELLM_LOCAL_BLOG_POSTS", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32eaec4104a3057b Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:40
            files("litellm").joinpath("model_prices_and_context_window_backup.json").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22fac9b711a2b1bf Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:251
    if os.getenv("LITELLM_LOCAL_MODEL_COST_MAP", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2c417fae31aa346 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3392
                    os.environ.get("SENTRY_API_TRACE_RATE") if "SENTRY_API_TRACE_RATE" in os.environ else "1.0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f677a366087da439 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3395
                    os.environ.get("SENTRY_API_SAMPLE_RATE") if "SENTRY_API_SAMPLE_RATE" in os.environ else "1.0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7cbf8ab9599b5e6 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3398
                    dsn=os.environ.get("SENTRY_DSN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da88552a89d25436 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3403
                    environment=os.environ.get("SENTRY_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f92e3415f566ef32 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3415
                    token=os.environ.get("SLACK_API_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37b6b9618c80b4cb Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3416
                    signing_secret=os.environ.get("SLACK_API_SECRET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #561ea68172133273 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3418
                alerts_channel = os.environ["SLACK_API_CHANNEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d35845835427f3b Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3664
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2306c2fa5e3dfab5 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3691
                os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = arize_phoenix_config.otlp_auth_headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d72ac4315953ca98 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3817
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b642bd3b15596171 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3824
            logfire_base_url = os.getenv("LOGFIRE_BASE_URL", "https://logfire-api.pydantic.dev")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4e92eec8258d9ed Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3828
                headers=f"Authorization={os.getenv('LOGFIRE_TOKEN')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdd8c7e50d4ef1a6 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3878
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc783e89f48895ef Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3893
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = f"api_key={os.getenv('LANGTRACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01a96d459356524f Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4123
    if not any(os.environ.get(v) for v in phoenix_env_vars):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #498e90102ddec34c Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4269
            if "ARIZE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23fe58f9dc3069a0 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4275
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23606f3a3faac79b Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4304
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a1680bdaee27270 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:5351
    if os.getenv("LITELLM_PRINT_STANDARD_LOGGING_PAYLOAD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5854fccbb8b83e8 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/common_utils.py:800
        with open(file_content, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d8eddeb688332e5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/count_tokens/token_counter.py:60
            api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bcd6847f0da3fa3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/experimental_pass_through/utils.py:10
    return litellm.reasoning_auto_summary or os.getenv("LITELLM_REASONING_AUTO_SUMMARY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #213e5d93e1a91c00 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:173
    azure_authority_host = os.getenv("AZURE_AUTHORITY_HOST", "https://login.microsoftonline.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12b50035154a3011 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:174
    azure_client_id = azure_client_id or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c7d62fbe3566581 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:175
    azure_tenant_id = azure_tenant_id or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d007b24dce9acc94 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:284
    tenant_id = litellm_params.get("tenant_id") or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ea36be908b0584 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:285
    client_id = litellm_params.get("client_id") or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09592bc2fedffdbf Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:286
    client_secret = litellm_params.get("client_secret") or os.getenv("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b29f884f1a86ad2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:287
    azure_username = litellm_params.get("azure_username") or os.getenv("AZURE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd666278f574c679 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:288
    azure_password = litellm_params.get("azure_password") or os.getenv("AZURE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d08bc103a14a1f21 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:289
    scope = litellm_params.get("azure_scope") or os.getenv(
        "AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc9b8ff21c942084 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:575
            api_version = os.getenv("AZURE_API_VERSION", litellm.AZURE_DEFAULT_API_VERSION)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dc236a1b6225dff Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:626
        tenant_id = litellm_params.get("tenant_id", os.getenv("AZURE_TENANT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0452d7e4c15914f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:627
        client_id = litellm_params.get("client_id", os.getenv("AZURE_CLIENT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca3d253afccd2183 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:630
            os.getenv("AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7be7d3befb511457 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:761
        return os.getenv(env_var_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #611001c4ec26f7e9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/token_counter.py:62
            api_key = os.getenv("AZURE_AI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d43ce18a7575ba0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/token_counter.py:67
            api_base = os.getenv("AZURE_AI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1d9d0002e047ed2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:219
            value if value is not None else os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea208b63d7d812de Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:624
            or os.getenv("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72d7dc49d793e334 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:625
            or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2acb67e6f54568e0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:735
        current_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a495c8da4412dea Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:736
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dad4fe85c56af927 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:812
        if aws_web_identity_token.startswith("os.environ/") or aws_web_identity_token in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ed50d58c34c4ddb Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:936
        with open(web_identity_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2f64bb8e42c91a0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:1067
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #072e3fdaa0798efc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:1068
        irsa_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c7f067295552ef3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/batches/transformation.py:107
        output_bucket = litellm_params.get("s3_output_bucket_name") or os.getenv("AWS_S3_OUTPUT_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c72f5d37fbf0f317 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/batches/transformation.py:116
            or os.getenv("AWS_BATCH_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c22df25cd277ac13 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/common_utils.py:1512
            litellm_params.get("s3_bucket_name") or optional_params.get("s3_bucket_name") or os.getenv(bucket_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a1e8831ef9c9079 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:128
    bucket_name = bucket_name or os.getenv("AWS_S3_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1f1f5ca0ca3eb2a Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:199
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab6a17305ae0ab23 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:268
        bucket_name = litellm_params.get("s3_bucket_name") or os.getenv("AWS_S3_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27c41ffc4ed31bb7 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:1141
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4acf6b49b43e570c Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/image_edit/amazon_nova_canvas_image_edit_transformation.py:145
        with open(image, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0603dab4051dd85b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:33
        self.token_dir = os.getenv(
            "CHATGPT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/chatgpt"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38f244c4d68a2ade Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:37
        self.auth_file = os.path.join(self.token_dir, os.getenv("CHATGPT_AUTH_FILE", "auth.json"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #885e2c9cc7d3a949 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:41
        return os.getenv("CHATGPT_API_BASE") or os.getenv("OPENAI_CHATGPT_API_BASE") or CHATGPT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02a1279efdd62e76 Filesystem access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:87
            with open(self.auth_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0cdf0bbbb8bed1b Filesystem access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:97
            with open(self.auth_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bd97a112ce58f23 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:153
    term_program = os.getenv("TERM_PROGRAM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9017f7738038c3d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:155
        version = os.getenv("TERM_PROGRAM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #195f7e83a39f3869 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:159
    wezterm_version = os.getenv("WEZTERM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d426cfd19f7d8969 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:164
    if os.getenv("ITERM_SESSION_ID") or os.getenv("ITERM_PROFILE") or os.getenv("ITERM_PROFILE_NAME"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a39a6e2d358f7bb7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:167
    if os.getenv("TERM_SESSION_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57f7255e7887e986 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:170
    if os.getenv("KITTY_WINDOW_ID") or "kitty" in (os.getenv("TERM") or ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4405b8f44398113b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:173
    if os.getenv("ALACRITTY_SOCKET") or os.getenv("TERM") == "alacritty":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e685d84e802c21e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:176
    konsole_version = os.getenv("KONSOLE_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba8371b1c89a17c4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:181
    if os.getenv("GNOME_TERMINAL_SCREEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80c2a59b4d352562 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:184
    vte_version = os.getenv("VTE_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6c81d8591f8f7ba Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:189
    if os.getenv("WT_SESSION"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67a0240ce1f465ca Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:192
    term = os.getenv("TERM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aa8ba3efd424e53 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:209
    originator = os.getenv("CHATGPT_ORIGINATOR") or DEFAULT_ORIGINATOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a19f113b879cdfd2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:214
    override = os.getenv("CHATGPT_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aa4d0ad44dee335 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:222
    suffix = os.getenv("CHATGPT_USER_AGENT_SUFFIX", "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8cdfd0306bd86dc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:250
    return os.getenv("CHATGPT_DEFAULT_INSTRUCTIONS") or CHATGPT_DEFAULT_INSTRUCTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35856a32b7587d20 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/aiohttp_transport.py:352
        if not (litellm.disable_aiohttp_trust_env or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRUST_ENV", "False"))):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b762ad4633d23c6 Filesystem access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/container_handler.py:45
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61c1c7e9099d4464 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:115
    user_agent = os.environ.get("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c7a5a9071c105b7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:258
        ssl_verify = os.getenv("SSL_VERIFY", litellm.ssl_verify)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #640233d0cefb4327 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:273
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09a7cf58a1de3b87 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:315
    ssl_security_level = os.getenv("SSL_SECURITY_LEVEL", litellm.ssl_security_level)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d8895167efa498d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:316
    ssl_ecdh_curve = os.getenv("SSL_ECDH_CURVE", litellm.ssl_ecdh_curve)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0703c6baa58445d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:322
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb8f146f5e22bc05 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:541
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a58df10b7b6173a5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:941
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRANSPORT", "False")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #affa51e06d258219 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1001
        if str_to_bool(os.getenv("AIOHTTP_TRUST_ENV", "False")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70294d921f489391 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1085
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54a130388cba591c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/httpx_handler.py:19
    user_agent = os.environ.get("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c73433192ec8c104 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/chat/transformation.py:167
            or os.getenv("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca18d5ceb2d66276 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/chat/transformation.py:168
            or os.getenv("DATABRICKS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3245b43fd9d1851 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:335
        client_id = os.getenv("DATABRICKS_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caac656a3faf3bdd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:336
        client_secret = os.getenv("DATABRICKS_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eeb5613e0c1620b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:340
            api_base = os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3275d6c484f82ef9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/embed/handler.py:36
            or os.getenv("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6143c28a608e04a9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/embed/handler.py:37
            or os.getenv("DATABRICKS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdd5d9125748d3fc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:48
        api_key = litellm_params.api_key or os.getenv("DATABRICKS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea7653d3603b6977 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:49
        api_base = litellm_params.api_base or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41b8e3dc4dcc0f50 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:71
        api_base = api_base or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0274a27e1e00c494 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:31
        self.token_dir = os.getenv(
            "GITHUB_COPILOT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/github_copilot"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1537def5a27f3545 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:37
            os.getenv("GITHUB_COPILOT_ACCESS_TOKEN_FILE", "access-token"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97b82008230d93f3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:39
        self.api_key_file = os.path.join(self.token_dir, os.getenv("GITHUB_COPILOT_API_KEY_FILE", "api-key.json"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ee750d4cc88dda1 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:53
            with open(self.access_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7e10ad8bd088c9b Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:65
                    with open(self.access_token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64f6e9f183013b31 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:90
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #899bb92efc685268 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:109
            with open(self.api_key_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a54763045bcad86 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:139
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d4c9d8691708118 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:160
        api_key_url = os.getenv("GITHUB_COPILOT_API_KEY_URL", DEFAULT_GITHUB_API_KEY_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2e0bb4d3f3a718b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:228
            device_code_url = os.getenv("GITHUB_COPILOT_DEVICE_CODE_URL", DEFAULT_GITHUB_DEVICE_CODE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c730b0f18539b24d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:229
            client_id = os.getenv("GITHUB_COPILOT_CLIENT_ID", DEFAULT_GITHUB_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f90057cdc5256a0b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:282
        access_token_url = os.getenv("GITHUB_COPILOT_ACCESS_TOKEN_URL", DEFAULT_GITHUB_ACCESS_TOKEN_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #064f8452977e3e30 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:283
        client_id = os.getenv("GITHUB_COPILOT_CLIENT_ID", DEFAULT_GITHUB_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e65d4b85140593d9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/chat/transformation.py:42
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab75fee532493ea4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/embedding/transformation.py:106
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aada563eea454f0d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/responses/transformation.py:256
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c59b24a88de78fe2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/heroku/chat/transformation.py:52
        api_base = api_base or os.getenv("HEROKU_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f90e68d2ec05ce54 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/heroku/chat/transformation.py:53
        api_key = api_key or os.getenv("HEROKU_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b24ba60f6895f51 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:80
            base_url = os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b609e9df5745ce8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:100
        elif os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4782f7eee4119fd8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:101
            complete_url = str(os.getenv("HF_API_BASE")) or str(os.getenv("HUGGINGFACE_API_BASE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0da396118165196 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:76
    if os.getenv("HUGGINGFACE_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cba1d1c0ba445071 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77
        headers["Authorization"] = f"Bearer {os.getenv('HUGGINGFACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5ef79df11a5ed55 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:329
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0a087713016209d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:330
            embed_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16801587aea1d9e7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:331
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d17a1ff859c2998 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:332
            embed_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1061153802cba37f Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:160
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #815e075f51a001ae Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:174
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #874564f636f933c0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:329
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0de6db2b12afcb74 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:330
            completion_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad79d8a92ea07ed Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:331
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4110408ac8f142c6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:332
            completion_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e08d19e861369dbb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:56
        elif os.getenv("HF_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32417e54f0a59451 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:57
            return os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eea48c276586f281 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:58
        elif os.getenv("HUGGINGFACE_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c7c88e3cab04182 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:59
            return os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7c0b56d904ccc37 Filesystem access.
pkgs/python/[email protected]/litellm/llms/litellm_proxy/skills/sandbox_executor.py:102
                        with open(local_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c9f08ac30cfec92 Filesystem access.
pkgs/python/[email protected]/litellm/llms/litellm_proxy/skills/sandbox_executor.py:260
                        with open(tmp_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48d53b950c6fc80b Filesystem access.
pkgs/python/[email protected]/litellm/llms/oci/common_utils.py:130
        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c773a0b109d0d7f4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/oci/common_utils.py:166
        "oci_region": optional_params.get("oci_region") or os.environ.get(_OCI_REGION_ENV) or "us-ashburn-1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57f40929b115d728 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/oci/common_utils.py:167
        "oci_user": optional_params.get("oci_user") or os.environ.get(_OCI_USER_ENV),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #536421783e468bad Environment-variable access.
pkgs/python/[email protected]/litellm/llms/oci/common_utils.py:168
        "oci_fingerprint": optional_params.get("oci_fingerprint") or os.environ.get(_OCI_FINGERPRINT_ENV),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0293a5c00536b017 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/oci/common_utils.py:169
        "oci_tenancy": optional_params.get("oci_tenancy") or os.environ.get(_OCI_TENANCY_ENV),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #543231bef01f99c8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/oci/common_utils.py:170
        "oci_key": optional_params.get("oci_key") or os.environ.get(_OCI_KEY_ENV),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71b8eaf2f70c6934 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/oci/common_utils.py:171
        "oci_key_file": optional_params.get("oci_key_file") or os.environ.get(_OCI_KEY_FILE_ENV),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8b96c24f78b5fe1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/oci/common_utils.py:172
        "oci_compartment_id": optional_params.get("oci_compartment_id") or os.environ.get(_OCI_COMPARTMENT_ID_ENV),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4962ebe474bd8d8b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/ollama/common_utils.py:65
            or os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9ba064d1e456546 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/ollama/completion/transformation.py:216
            os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98233a6d20599500 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/chat/gpt_transformation.py:416
        resolved_api_base = api_base or litellm.api_base or os.getenv("OPENAI_BASE_URL") or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5b28405785e10ea Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:259
        or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d229e5ebc806086 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:260
        or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1bff059bfdf06c6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:263
    resolved_organization = organization or litellm.organization or os.getenv("OPENAI_ORGANIZATION", None) or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #894f58bef28c0c1c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:264
    resolved_api_key = api_key or litellm.api_key or litellm.openai_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34d87bf07e28ef3c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/responses/count_tokens/token_counter.py:54
            api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43ec3902895fa070 Filesystem access.
pkgs/python/[email protected]/litellm/llms/openai_like/json_loader.py:47
            with open(json_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aec3fefe74904164 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/transformation.py:324
        elif "PREDIBASE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #895c3f949274de7a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/transformation.py:325
            base_url = os.getenv("PREDIBASE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01aeb7b5897f3eb3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:30
    return os.getenv(HOME_PATH_ENV_VAR, DEFAULT_HOME_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81db953fb9b833b1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:55
    raw = os.environ.get(var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82a3b6d25bc66eb4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:132
    profile = profile or os.environ.get(PROFILE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5e9db97392da418 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:133
    cfg_env = os.getenv(CONFIG_FILE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afa194d7033000e0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:250
    service_key = _parse_service_key_once(service_key or litellm.sap_service_key or os.environ.get(SERVICE_KEY_ENV_VAR))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a362f1dc00013c2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:261
            lambda cv: _str_or_none(os.environ.get(f"AICORE_{cv.name.upper()}")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e22458b0696911d6 Filesystem access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:448
                with open(cert_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f25ae634f946b1a2 Filesystem access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:450
                with open(key_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63b0956988b8f690 Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:223
        with open(str(content), "rb") as handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #696cc50db5344129 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:357
            litellm_params.get("gcs_bucket_name") or litellm_params.get("bucket_name") or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da1f3b0a89606a04 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:65
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42ffd8c1f008923f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:73
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f738442fac90bb2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:74
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af9c5d0c87035981 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:83
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5e4ce0ee64ec11c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:85
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93223c9ced44c15d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:73
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10c308785009d72d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:81
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54af62c6b1012075 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:82
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61853bfabc1080e0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:91
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fa8036bc5400397 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:93
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8aad05a9789aafa Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:108
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a03b9c4368fc3781 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:116
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d8048a87c64c63e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:117
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae13aac1751ba315 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:126
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e90cfcc98cc3e9f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:128
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec457ef5031b83e1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:88
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbff9b39d94aa056 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:96
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e2255403490e16e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:97
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #001fdbb6044033a8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:106
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a7bdf89cd2954e8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:108
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91569c45b453b89c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:89
        self.gcs_bucket = self.vector_store_config.get("gcs_bucket") or os.environ.get("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #feb8cfcb431c6e15 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:127
        original_bucket = os.environ.get("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ba55aaa5497411d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:129
            os.environ["GCS_BUCKET_NAME"] = self.gcs_bucket

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03ab4e57cc91f176 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:157
                os.environ["GCS_BUCKET_NAME"] = original_bucket

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6303ec26817da6cd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:158
            elif "GCS_BUCKET_NAME" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15d837620ca2992a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:159
                del os.environ["GCS_BUCKET_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #781dc8e250fc26ee Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_ai_non_gemini.py:145
                f"VERTEX AI: creds={creds}; google application credentials: {os.getenv('GOOGLE_APPLICATION_CREDENTIALS')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb7ff7ee339795bf Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_llm_base.py:114
                        with open(credentials) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #325c60e59b5ada3b Filesystem access.
pkgs/python/[email protected]/litellm/llms/xai/oauth.py:182
            with open(self.auth_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52a2bc3f0e0c1666 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2534
    api_key = api_key or litellm.anthropic_key or litellm.api_key or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2930278774457c79 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2588
    api_key = api_key or litellm.anthropic_key or litellm.api_key or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7737907b16c82ec5 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2889
        or os.environ.get("HF_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f28bf83dd62a5cf4 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2890
        or os.environ.get("HUGGINGFACE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c7ed104f506715b Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3042
        or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a907f41047b6e42 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:4112
    api_key = api_key or litellm.ollama_key or os.environ.get("OLLAMA_API_KEY") or litellm.api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad6ff96b92892d04 Filesystem access.
pkgs/python/[email protected]/litellm/ocr/main.py:515
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c18a2d212f4f307a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/oauth_utils.py:75
    configured = os.environ.get("PROXY_BASE_URL", "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a4781a1c16f710d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/oauth_utils.py:214
    raw = os.environ.get(_TRUSTED_REDIRECT_ORIGINS_ENV, "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20f8fb34084cbed3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/oauth_utils.py:272
    raw = os.environ.get(_TRUSTED_NATIVE_REDIRECT_URIS_ENV, "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ef1770111b4ad91 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/oauth_utils.py:470
        os.environ.get("PROXY_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56e31e12bdc961ea Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/oauth_utils.py:475
        os.environ.get(_TRUSTED_REDIRECT_ORIGINS_ENV),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b1466f43863fa05 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/oauth_utils.py:476
        os.environ.get(_TRUSTED_NATIVE_REDIRECT_URIS_ENV),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b46787c461726494 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py:114
    with open(filepath, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e923ba5dcd3cc200 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:33
LITELLM_MCP_SERVER_NAME = os.environ.get("LITELLM_MCP_SERVER_NAME", "litellm-mcp-server")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d741102674e78d4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:35
LITELLM_MCP_SERVER_DESCRIPTION = os.environ.get("LITELLM_MCP_SERVER_DESCRIPTION", "MCP Server for LiteLLM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #899dfd88e0ba9183 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:36
MCP_TOOL_PREFIX_SEPARATOR = os.environ.get("MCP_TOOL_PREFIX_SEPARATOR", "-")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5ca76d450ff1e4e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:86
    raw = os.environ.get("LITELLM_USE_SHORT_MCP_TOOL_PREFIX", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e81c6bdcac47bd19 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:529
    base = os.environ.get("PROXY_BASE_URL", "").rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe81d76f944cb912 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/_lazy_openapi_snapshot.py:131
    SNAPSHOT_FILE.write_text(json.dumps(fragments, indent=2, sort_keys=True) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7c94c91ff969aac Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_logging.py:11
log_level = os.getenv("LITELLM_LOG", "INFO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3d09dbcb290b279 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/agent_endpoints/endpoints.py:136
AGENT_HEALTH_CHECK_TIMEOUT_SECONDS = float(os.environ.get("LITELLM_AGENT_HEALTH_CHECK_TIMEOUT", "5.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d15535d8e77edaea Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/agent_endpoints/endpoints.py:137
AGENT_HEALTH_CHECK_GATHER_TIMEOUT_SECONDS = float(os.environ.get("LITELLM_AGENT_HEALTH_CHECK_GATHER_TIMEOUT", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33a4eb8cbda3b925 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:1035
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0b66f0277d36c37 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:1036
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #205c42980c76ace3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:1037
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28b9b74d00d03f23 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:679
        keys_url = os.getenv("JWT_PUBLIC_KEY_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eed4a256c633340e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:798
        audience = os.getenv("JWT_AUDIENCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ccd6de23a17f2e4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:799
        issuer = os.getenv("JWT_ISSUER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9935ca2b1a78a415 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:28
        self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b6a5358e404287c Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:46
                with open(_path_to_public_key, "rb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #215d54bdc76ca4b0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:109
                self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b35a9543927a0b8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:68
    ui_username = os.getenv("UI_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c763d3fbd4b8363 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:69
    ui_password = os.getenv("UI_PASSWORD", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e502c516ce622c80 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:175
            os.getenv("PROXY_ADMIN_ID", None) is not None and os.environ["PROXY_ADMIN_ID"] == user_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a42fab0770efa0d3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:178
            key_user_id = os.getenv("PROXY_ADMIN_ID", LITELLM_PROXY_ADMIN_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4328f35a5e8a22a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:193
        if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #728040868a3ff9c4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:268
            if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d1142cbe44d6670 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:139
        token_info_endpoint = os.getenv("OAUTH_TOKEN_INFO_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de70387393f4de15 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:140
        user_id_field_name = os.environ.get("OAUTH_USER_ID_FIELD_NAME", "sub")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00b6352600be57e2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:141
        user_role_field_name = os.environ.get("OAUTH_USER_ROLE_FIELD_NAME", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48d3e7700033b429 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:142
        user_team_id_field_name = os.environ.get("OAUTH_USER_TEAM_ID_FIELD_NAME", "team_id")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34cc58cd2f8d1e87 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:145
        oauth_client_id = os.environ.get("OAUTH_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdb5b65c945e5fab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:146
        oauth_client_secret = os.environ.get("OAUTH_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8c31b8f479d7d77 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:76
            oidc_token = open(aws_web_identity_token).read()  # check if filepath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50147c2c2958a548 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:161
            aws_region_name=os.getenv("AWS_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e11c9db43087dced Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:162
            aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b45b6f80e227df5e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:163
            aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0825fa2b1307b79 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:164
            aws_session_name=os.getenv("AWS_SESSION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9adfd7f791be4db Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:165
            aws_profile_name=os.getenv("AWS_PROFILE_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e71ff23afb382115 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:166
            aws_role_name=os.getenv("AWS_ROLE_NAME", os.getenv("AWS_ROLE_ARN")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bcc82ebcfcd28f9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:167
            aws_web_identity_token=os.getenv("AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8f6f6f60d9d8862 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/agents.py:200
        base_env if base_env is not None else os.environ,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8739941bf14e291 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:30
    with open(token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb8401bdd42f1e9f Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:43
        with open(token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36ae0d1a6a3339b5 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/chat.py:275
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b5c2f0c95e235ed Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/chat.py:294
        with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1df856f9542ab125 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/models.py:368
    with open(yaml_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93b864e46752d326 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:85
if os.environ.get("LITELLM_PROFILE", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a20749c0ca9c415c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:759
            litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1e5c118a4fa490b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/encrypt_decrypt_utils.py:11
    salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #982211f7633e369d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:5
url_to_redirect_to = os.getenv("PROXY_BASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb101a75dfa4fb17 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:6
server_root_path = os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc67dcbbc5093f0d Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:108
        with open(local_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4f731ecbdd8c3f6 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:155
        with open(local_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25dab0ba3f614b66 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/static_asset_utils.py:38
        with open(resolved, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c8a3fdff1127a1b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/container_endpoints/handler_factory.py:31
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2383150134626f38 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/check_migration.py:95
        db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7251535f620783f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/db_spend_update_writer.py:729
        spend_logs_url: Optional[str] = os.getenv("SPEND_LOGS_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab0c12ab0ef5760e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/db_url_settings.py:285
            os.environ["DATABASE_URL"] = writer_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #470bbc9f0c6d7d5f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/db_url_settings.py:289
                os.environ[_IAM_ENV_KEY] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71fd3631a3c11fe2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/db_url_settings.py:294
            os.environ["DATABASE_URL_READ_REPLICA"] = reader_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25d6c6f74b7e0a2e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:68
        os.environ["AWS_ACCESS_KEY_ID"] = aws_access_key_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cab71cd185580cb4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:69
        os.environ["AWS_SECRET_ACCESS_KEY"] = aws_secret_access_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4004b76052be321 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:70
        os.environ["AWS_SESSION_TOKEN"] = aws_session_token

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16f1e74306e081b2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:250
        db_url = os.getenv(self._db_url_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #354607f71a522e3d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:305
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31defaa87e5c5ef0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:309
            db_port = os.getenv("DATABASE_PORT", "5432")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e8ccb49b4127617 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:310
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #238db8387796d7ca Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:311
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d26bbe5f1651f52b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:312
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5b967b0b54a889d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:320
        os.environ[self._db_url_env_var] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33df375ff7e4c423 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:514
            if self._token_refresh_not_needed(os.getenv(self._db_url_env_var)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9035c7d90d1e0f90 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:577
            db_url = os.getenv(self._db_url_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d88b5812df5d398 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:705
        disable_updates = os.getenv("DISABLE_SCHEMA_UPDATE", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #673b02c614959aef Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/routing_prisma_wrapper.py:200
        reader_url = os.getenv("DATABASE_URL_READ_REPLICA", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00b725c436d652ba Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:22
        os.getenv("AUTO_REDIRECT_UI_LOGIN_TO_SSO", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45672750cc6ee4c2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:25
    admin_ui_disabled = os.getenv("DISABLE_ADMIN_UI", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8faade80c3d735d9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:27
        os.getenv("LITELLM_HIDE_DEFAULT_CREDENTIALS_HINT", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00e6b3a8893ff7e2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/example_config_yaml/custom_auth.py:10
        modified_master_key = f"{os.getenv('LITELLM_MASTER_KEY')}-1234"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a3c1cd35ecf521a Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_endpoints.py:1371
        with open(category_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dec543f9a9e3c3a9 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_endpoints.py:1406
        with open(airlines_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1f4bb9637364842 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:53
        self.api_key = api_key or os.environ.get("AIM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #461acc4bd4202b19 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:60
        self.api_base = api_base or os.environ.get("AIM_API_BASE") or "https://api.aim.security"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #978833e6286b33d4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:80
        self.akto_base_url = (akto_base_url or os.environ.get("AKTO_GUARDRAIL_API_BASE", "")).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f07cf442c9775687 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:84
        self.akto_api_key = akto_api_key or os.environ.get("AKTO_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ae5f45c18338e31 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:90
        self.akto_account_id = akto_account_id or os.environ.get("AKTO_ACCOUNT_ID", "1000000")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #323b1d169073d626 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:91
        self.akto_vxlan_id = akto_vxlan_id or os.environ.get("AKTO_VXLAN_ID", "0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #642fa24b02ead321 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:42
        self.aporia_api_key = api_key or os.environ["APORIO_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1cdadcb1140fc5c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:43
        self.aporia_api_base = api_base or os.environ["APORIO_API_BASE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee08d5af9c122045 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/cato_networks/cato_networks.py:58
        self.api_key = api_key or os.environ.get("CATO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de80c11a0fd816f2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/cato_networks/cato_networks.py:65
        self.api_base = api_base or os.environ.get("CATO_API_BASE") or "https://api.aisec.catonetworks.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a67232ce50e4795 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/cisco_ai_defense/cisco_ai_defense.py:159
        resolved_api_key = api_key or os.environ.get("CISCO_AI_DEFENSE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #858306e8d8c83ee7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/cisco_ai_defense/cisco_ai_defense.py:168
        self.api_base: str = (api_base or os.environ.get("CISCO_AI_DEFENSE_API_BASE") or CISCO_DEFAULT_API_BASE).rstrip(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #faa0ba84f04217ce Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/cisco_ai_defense/cisco_ai_defense.py:220
            env_timeout = os.environ.get("CISCO_AI_DEFENSE_TIMEOUT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afdfb40fdf5b0d73 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/cisco_ai_defense/cisco_ai_defense.py:269
        candidate = value if value is not None else os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0cc07532c13f951 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py:136
        self.api_key = api_key or os.environ.get("CS_AIDR_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7367b3c16e42d66 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py:142
        self.api_base = api_base or os.environ.get("CS_AIDR_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86335ba07a13c3ab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:54
        self.api_key = api_key or os.getenv("DYNAMOAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #389e272d81c14cb9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:60
        self.api_base = api_base or os.getenv("DYNAMOAI_API_BASE", "https://api.dynamo.ai")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cca53bc4c84e189b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:64
        self.model_id = model_id or os.getenv("DYNAMOAI_MODEL_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01b2b58d2cefec98 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:67
        env_policy_ids = os.getenv("DYNAMOAI_POLICY_IDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10fc3fcb55338c3c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/enkryptai/enkryptai.py:65
        self.api_key = api_key or os.getenv("ENKRYPTAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dfa977e06b51038 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/enkryptai/enkryptai.py:71
        self.api_base = api_base or os.getenv("ENKRYPTAI_API_BASE", "https://api.enkryptai.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1300d84882284017 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/generic_guardrail_api/generic_guardrail_api.py:191
        base_url = api_base or os.environ.get("GENERIC_GUARDRAIL_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e127fb7dea55c0c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:82
        api_key_value = api_key or os.getenv("GRAYSWAN_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f38b5826db71643 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:89
        base = api_base or os.getenv("GRAYSWAN_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b40455a5abd42217 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:607
        env_val = os.getenv("GRAYSWAN_VIOLATION_THRESHOLD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f288c23f7ded1086 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:618
        env_val = os.getenv("GRAYSWAN_REASONING_MODE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd8c8c5d3669d610 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/guardrails_ai/guardrails_ai.py:73
        self.guardrails_ai_api_base = api_base or os.getenv("GUARDRAILS_AI_API_BASE") or "http://0.0.0.0:8000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8be9dcb1c2310fab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:74
        self.hiddenlayer_client_id = api_id or os.getenv("HIDDENLAYER_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #340e165b564bb9ed Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:75
        self.hiddenlayer_client_secret = api_key or os.getenv("HIDDENLAYER_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18a4fadfae6f8a71 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:76
        self.api_base = api_base or os.getenv("HIDDENLAYER_API_BASE") or "https://api.hiddenlayer.ai"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3e650ec3f75e048 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:79
        auth_url = auth_url or os.getenv("HIDDENLAYER_AUTH_URL") or "https://auth.hiddenlayer.ai"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5668fa7e68e475a5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:278
        self.hiddenlayer_client_id = api_id or os.getenv("HIDDENLAYER_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d402b4bf9935cb2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:279
        self.hiddenlayer_client_secret = api_key or os.getenv("HIDDENLAYER_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e8549cd707e7ab5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:280
        self.api_base = api_base or os.getenv("HIDDENLAYER_API_BASE") or "https://api.hiddenlayer.ai"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a40607cd0b434dd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:283
        auth_url = auth_url or os.getenv("HIDDENLAYER_AUTH_URL") or "https://auth.hiddenlayer.ai"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e10dca8538649273 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ibm_guardrails/ibm_detector.py:55
        self.auth_token = auth_token or os.getenv("IBM_GUARDRAILS_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f917ab78867a510 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai.py:58
        self.lakera_api_key = api_key or os.environ.get("LAKERA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e0da0fdcec09b04 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai_v2.py:63
        self.lakera_api_key = api_key or os.environ.get("LAKERA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c24e1c451c04d206 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:107
        self.lasso_api_key = lasso_api_key or api_key or os.environ.get("LASSO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0bd52db4d294347 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:108
        self.user_id = user_id or os.environ.get("LASSO_USER_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d96921071f4727a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:109
        self.conversation_id = conversation_id or os.environ.get("LASSO_CONVERSATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa185cf303f881ea Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:118
        self.api_base = api_base or os.getenv("LASSO_API_BASE") or "https://server.lasso.security/gateway/v3"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c611c7200de65690 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/competitor_intent/airline.py:126
        with open(_MAJOR_AIRLINES_PATH, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #980e26956fba38ec Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:357
        allow_external = os.environ.get("LITELLM_CONTENT_FILTER_ALLOW_EXTERNAL_PATHS", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #202e294002e65bcb Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:613
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94229c1a61b9ed3b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:639
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1003b8c5478261c Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:739
            with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1180b2e0e759d0ab Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:40
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a197200bbe3a18c5 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:147
    with open(result_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaa4cf591f74e1ae Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:556
    not os.environ.get("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eab17ab62fda2831 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:575
    not os.environ.get("ANTHROPIC_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f8c946536890916 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.py:18
    with open(json_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f97671824e29fcb Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.py:151
                with open(category_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2048a62c894dd6f5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:109
    key_material = os.environ.get(env_var, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d67b68b485528492 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:114
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f1e335fdf648653 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:246
        key_material = os.environ.get(self.SIGNING_KEY_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c12ef7d865c4d72 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:264
            issuer or os.environ.get("MCP_JWT_ISSUER") or os.environ.get("LITELLM_EXTERNAL_URL") or "litellm"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc8ca4ad169cbe03 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:266
        self.audience: str = audience or os.environ.get("MCP_JWT_AUDIENCE") or self.DEFAULT_AUDIENCE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31cff43a5d1d1765 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:268
            ttl_seconds if ttl_seconds is not None else os.environ.get("MCP_JWT_TTL_SECONDS", str(self.DEFAULT_TTL))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84bb81bbd5407481 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:130
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ccf4671cfc64abe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:131
        self.api_base = api_base or os.environ.get("NOMA_API_BASE", NomaGuardrail._DEFAULT_API_BASE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6fbf31ca88bae6e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:132
        self.application_id = application_id or os.environ.get("NOMA_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #988b12f93a2c0451 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:136
            self.monitor_mode = os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc0d136118155d81 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:141
            self.block_failures = os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6078b9ff53509b71 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:146
            self.anonymize_input = os.environ.get("NOMA_ANONYMIZE_INPUT", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb85d5b42eb4da3b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:58
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb1125fc07223adb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:59
        self.api_base = (api_base or os.environ.get("NOMA_API_BASE") or _DEFAULT_API_BASE).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb47bf2ec76686f6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:60
        self.application_id = application_id or os.environ.get("NOMA_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9021c97fcfb5908 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:62
            self.monitor_mode = os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17b676ffbf616303 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:67
            self.block_failures = os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25db35d5571c1a85 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38
        timeout = timeout or int(os.getenv("ONYX_TIMEOUT", 10.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aa5b647dd6d0b6e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:43
        self.api_base = api_base or os.getenv(
            "ONYX_API_BASE",
            "https://ai-guard.onyx.security",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84dc12d09a03bd17 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:47
        self.api_key = api_key or os.getenv("ONYX_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d528b590b4c11a6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/openai/moderations.py:112
            os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #569ad6443d3ba841 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ovalix/ovalix.py:78
        self._tracker_api_base = tracker_api_base or os.environ.get("OVALIX_TRACKER_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e9f00defa53366f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ovalix/ovalix.py:79
        self._tracker_api_key = tracker_api_key or os.environ.get("OVALIX_TRACKER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb5ee505faea6f40 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ovalix/ovalix.py:80
        self._application_id = application_id or os.environ.get("OVALIX_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acb439cd4fd48ffd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ovalix/ovalix.py:81
        self._pre_checkpoint_id = pre_checkpoint_id or os.environ.get("OVALIX_PRE_CHECKPOINT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19b4015ab34da6a3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ovalix/ovalix.py:82
        self._post_checkpoint_id = post_checkpoint_id or os.environ.get("OVALIX_POST_CHECKPOINT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d197abda46e636c8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:81
        self.api_key = api_key or os.environ.get("PANGEA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1365e6dd608a9adb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:88
        self.api_base = api_base or os.environ.get("PANGEA_API_BASE") or "https://ai-guard.aws.us.pangea.cloud"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92bfcc120325a482 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:112
        self.api_key = api_key or os.getenv("PANW_PRISMA_AIRS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4241849d44047c52 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:114
            api_base or os.getenv("PANW_PRISMA_AIRS_API_BASE") or "https://service.api.aisecurity.paloaltonetworks.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d48f94a65bdd95c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:199
        self.api_key = api_key or os.environ.get("PILLAR_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8362066dd37f320 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:208
        self.api_base = api_base or os.getenv("PILLAR_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44d8f93e1bd2504a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:211
        action = on_flagged_action or os.environ.get("PILLAR_ON_FLAGGED_ACTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b26bbe19e45e64e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:247
        action = fallback_on_error or os.environ.get("PILLAR_FALLBACK_ON_ERROR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c9118463b114314 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:264
                self.timeout = float(os.environ.get("PILLAR_TIMEOUT", str(self.DEFAULT_TIMEOUT)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebe54ca05a94f62c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:267
                    f"Pillar Guardrail: Invalid PILLAR_TIMEOUT value '{os.environ.get('PILLAR_TIMEOUT')}', "

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #438d425cd5d7550a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:585
            env_value = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f775801650177f6 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:129
                with open(ad_hoc_recognizers, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6495d5e80c36f614 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:39
        self.api_key = api_key or os.environ.get("PROMPT_SECURITY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c197a19f5ce4b36 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:40
        self.api_base = api_base or os.environ.get("PROMPT_SECURITY_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f53e660a72060a07 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:41
        self.user = user or os.environ.get("PROMPT_SECURITY_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e5a3485983606c8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:42
        self.system_prompt = system_prompt or os.environ.get("PROMPT_SECURITY_SYSTEM_PROMPT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a84d74df4936984b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:48
            check_tool_results_env = os.environ.get("PROMPT_SECURITY_CHECK_TOOL_RESULTS", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5007ae36aa537c9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:57
        self.api_key = api_key or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fb86f734c311f90 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:57
        self.api_key = api_key or os.environ.get(
            "PROMPTGUARD_API_KEY",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6daecca19377b540 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:68
        self.api_base = (api_base or os.environ.get("PROMPTGUARD_API_BASE") or _DEFAULT_API_BASE).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2492513df362e558 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:71
            env = os.environ.get("PROMPTGUARD_BLOCK_ON_ERROR", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d557fdaa9d72fd6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qohash/qohash.py:29
        api_base = api_base or os.environ.get("QOSTODIAN_NEXUS_API_BASE", "http://nexus:8800")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f09ea495dcbf8b2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qualifire/qualifire.py:65
        self.qualifire_api_key = api_key or get_secret_str("QUALIFIRE_API_KEY") or os.environ.get("QUALIFIRE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5baa84dc85f374ca Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qualifire/qualifire.py:69
            or os.environ.get("QUALIFIRE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5029819f9bc73ba Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/semantic_guard/route_loader.py:38
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6d78ab4d4fce9e9 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/semantic_guard/route_loader.py:56
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0febff525ac54621 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:92
        self.api_key = api_key or os.environ.get("XECGUARD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #726c5bda855eeab9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:101
        self.api_base = (api_base or os.environ.get("XECGUARD_API_BASE") or _DEFAULT_API_BASE).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b0f83888f00f851 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:107
            env = os.environ.get("XECGUARD_BLOCK_ON_ERROR", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d58005b3906f016e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:41
        self.zscaler_ai_guard_url = api_base or os.getenv(
            "ZSCALER_AI_GUARD_URL",
            "https://api.us1.zseclipse.net/v1/detection/execute-policy",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72ff88499bbdfbcd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:45
        self.policy_id = policy_id if policy_id is not None else int(os.getenv("ZSCALER_AI_GUARD_POLICY_ID", -1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6488ece8959b12e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:46
        self.api_key = api_key or os.getenv("ZSCALER_AI_GUARD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aec742de436f990 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:50
            else os.getenv("SEND_USER_API_KEY_ALIAS", "False").lower() in ("true", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68aceb19dce14fcf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:55
            else os.getenv("SEND_USER_API_KEY_USER_ID", "False").lower() in ("true", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c918642d602753c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:60
            else os.getenv("SEND_USER_API_KEY_TEAM_ID", "False").lower() in ("true", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d89e5a9ec50c1ff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/health_endpoints/_health_endpoints.py:414
                user_email=os.getenv("TEST_EMAIL_ADDRESS"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0daff91629d71c55 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/health_endpoints/_health_endpoints.py:1504
    env_token = os.getenv("DRAIN_ENDPOINT_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84b0b11fc74f1784 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/__init__.py:31
if os.getenv("LEGACY_MULTI_INSTANCE_RATE_LIMITING", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de02ab16d6fb5ef8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter.py:114
                if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7a6a7382468b2b0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter_v3.py:120
            if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e618252ae7283552 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/max_budget_per_session_limiter.py:71
            os.getenv(
                "LITELLM_MAX_BUDGET_PER_SESSION_TTL",
                DEFAULT_MAX_BUDGET_PER_SESSION_TTL,
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a231fb82097cce1a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/max_iterations_limiter.py:73
        self.ttl = int(os.getenv("LITELLM_MAX_ITERATIONS_TTL", DEFAULT_MAX_ITERATIONS_TTL))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd6dc937792e1365 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:308
        self.window_size = int(os.getenv("LITELLM_RATE_LIMIT_WINDOW_SIZE", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2e03576bb1406c4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:314
        self.tpm_reservation_enabled = os.getenv("LITELLM_TPM_TOKEN_RESERVATION_ENABLED", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d00b803c4d42ee81 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/responses_id_security.py:166
        salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de66574d819e2c16 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/sensitive_data_routing.py:46
            os.getenv(
                "LITELLM_SENSITIVE_ROUTING_TTL",
                str(DEFAULT_SENSITIVE_ROUTING_TTL),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e7afc29b8607dd6 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/callback_management_endpoints.py:52
    with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c67d00770bff8a2f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:153
        env_value = os.environ.get(env_var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c82c7b2f26340e94 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:195
            os.environ[env_var_name] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78fa167094f669ff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:197
            os.environ.pop(env_var_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1de5e807d85432be Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/key_management_endpoints.py:4128
    grace_period_value = grace_period or os.getenv("LITELLM_KEY_ROTATION_GRACE_PERIOD", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2afc031c19aff092 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/mcp_management_endpoints.py:2390
            with open(_MCP_REGISTRY_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c0e55105bbb8b1e Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/mcp_management_endpoints.py:2460
        with open(_OPENAPI_REGISTRY_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75651c8d3bb8cd73 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/policy_endpoints/endpoints.py:616
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1742b3c8e7a32ee5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/policy_endpoints/endpoints.py:636
    use_local = os.getenv("LITELLM_LOCAL_POLICY_TEMPLATES", "").strip().lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32b984e4b995debf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:59
        custom_authorization_endpoint = os.getenv("MICROSOFT_AUTHORIZATION_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90e31378c1796424 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:60
        custom_token_endpoint = os.getenv("MICROSOFT_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45d7d93941bdfafd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:61
        custom_userinfo_endpoint = os.getenv("MICROSOFT_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #767f914cae455fc6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:803
                generic_user_role_attribute_name = os.getenv("GENERIC_USER_ROLE_ATTRIBUTE", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ebcd48205a3df81 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:845
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0526b9fdb662d7c5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:846
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d390ed3197184f7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:847
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9191c9bc292c8050 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:850
    _disable_ui_flag = os.getenv("DISABLE_ADMIN_UI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f097ec3d694e7964 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:945
        os.getenv("LITELLM_HIDE_DEFAULT_CREDENTIALS_HINT", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dd2e414074b264a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:964
    generic_user_id_attribute_name = os.getenv("GENERIC_USER_ID_ATTRIBUTE", "preferred_username")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12731bb8544f25e9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:965
    generic_user_display_name_attribute_name = os.getenv("GENERIC_USER_DISPLAY_NAME_ATTRIBUTE", "sub")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92e612c71e93c8e8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:966
    generic_user_email_attribute_name = os.getenv("GENERIC_USER_EMAIL_ATTRIBUTE", "email")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11194c72694ec0a6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:968
    generic_user_first_name_attribute_name = os.getenv("GENERIC_USER_FIRST_NAME_ATTRIBUTE", "first_name")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0397f661a1160f55 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:969
    generic_user_last_name_attribute_name = os.getenv("GENERIC_USER_LAST_NAME_ATTRIBUTE", "last_name")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa1c015be1802cd7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:971
    generic_provider_attribute_name = os.getenv("GENERIC_USER_PROVIDER_ATTRIBUTE", "provider")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a372453a8e2b972f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:973
    generic_user_role_attribute_name = os.getenv("GENERIC_USER_ROLE_ATTRIBUTE", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb0ef7617473317 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:975
    generic_user_extra_attributes = os.getenv("GENERIC_USER_EXTRA_ATTRIBUTES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #554c7b5e40cbfa98 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1072
    generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8233bab78b154951 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1073
    generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(" ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6abfe2190a639abb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1074
    generic_authorization_endpoint = os.getenv("GENERIC_AUTHORIZATION_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e994e6888c85758b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1075
    generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0673ccf11f5faef1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1076
    generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99a51d834c8fde20 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1077
    generic_include_client_id = os.getenv("GENERIC_INCLUDE_CLIENT_ID", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab564756d77f7edb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1187
    generic_role_mappings = os.getenv("GENERIC_ROLE_MAPPINGS_ROLES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f19da3ed539a0bc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1188
    generic_role_mappings_group_claim = os.getenv("GENERIC_ROLE_MAPPINGS_GROUP_CLAIM", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80c2e5589261d485 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1189
    generic_role_mappings_default_role = os.getenv("GENERIC_ROLE_MAPPINGS_DEFAULT_ROLE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f52925d2822acf6e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1220
    raw = os.getenv("GENERIC_SSO_HEADERS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4516b4cb7d0a54c3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1244
    pkce_configured = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3f8e7e6dc6d84a9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1728
    proxy_admin_id = os.getenv("PROXY_ADMIN_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ec3f6030bf62733 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1777
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a1b65644ee171c1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1778
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad1f6c90e340ae9d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1779
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d84d776c171d6a47 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2010
            generic_client_id=os.getenv("GENERIC_CLIENT_ID", None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4438db7a748e5775 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2279
    _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ec0c455a0717ae4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2280
    _logout_url = os.getenv("PROXY_LOGOUT_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0514f51f7f59880 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2281
    _api_doc_base_url = os.getenv("LITELLM_UI_API_DOC_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b3d3bbbd532aa57 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2287
    if "PROXY_DEFAULT_TEAM_DISABLED" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d079c7366f7a6c2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2288
        if os.environ["PROXY_DEFAULT_TEAM_DISABLED"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce8cb3899fc4dcde Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2312
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b217c78b7388278 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2313
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e92befe386def70d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2314
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4df118e30609ac4c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2337
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08cca12245bcde87 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2342
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1ee7a3a71717d56 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2343
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4eaec964a7821bc0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2350
        generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e887ca96fd7537e9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2351
        generic_authorization_endpoint = os.getenv("GENERIC_AUTHORIZATION_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a925bd53e5bb399 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2352
        generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ec1e38faf3dc317 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2353
        generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fb75f9596df9d45 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2448
            google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af64d73719d3f5e7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2468
            microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dff95218de3a1e26 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2469
            microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e4a114e6349ee00 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2490
            generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27924e93b357aaa6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2491
            generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(" ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8c228b1d7e2e80e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2492
            generic_authorization_endpoint = os.getenv("GENERIC_AUTHORIZATION_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a643d69c6ab2666 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2493
            generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4477f999a481244 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2494
            generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c868693a98fc7f6c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2697
            generic_client_state = os.getenv("GENERIC_CLIENT_STATE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #929f4aa46d645963 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2705
        use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e159a1feab5b5c9f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2962
        if user_email is not None and os.getenv("ALLOWED_EMAIL_DOMAINS") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc24abefc591d7c8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2964
            allowed_domains = os.getenv("ALLOWED_EMAIL_DOMAINS").split(",")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4469544bbb43a84 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2985
            generic_user_role_attribute_name = os.getenv("GENERIC_USER_ROLE_ATTRIBUTE", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6fab99155ad2eb4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3238
        use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f582d66707fca32 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3326
        strict_cache_miss = os.getenv("PKCE_STRICT_CACHE_MISS", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbe2cf7e3b6cb7d0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3760
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fd16ee3d51fdc93 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3761
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7365892e06e34bfc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3903
            service_principal_id = os.getenv("MICROSOFT_SERVICE_PRINCIPAL_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3db6637b2e01b4bc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4081
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2037257e22b1004 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4118
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb8ceebab33d142c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4119
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24014044e67c9b58 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4120
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79b22801d868aefc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4187
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bf6d8f26e65e2d4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4188
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb67f843d560c9c7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4189
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ba49590b268701a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4191
    redirect_url = os.getenv("PROXY_BASE_URL", str(request.base_url))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f333a2f7a5b9b799 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/middleware/in_flight_requests_middleware.py:65
            if "PROMETHEUS_MULTIPROC_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f55496983631d483 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/middleware/security_headers_middleware.py:29
    return os.getenv("LITELLM_ENABLE_HSTS", "false").strip().lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac2ac91f5ce70623 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:196
    base_target_url = os.getenv("GEMINI_API_BASE") or "https://generativelanguage.googleapis.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99b86e6046befc33 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:259
    base_target_url = os.getenv("COHERE_API_BASE") or "https://api.cohere.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2deb6bd19b9bdd3d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:382
    base_target_url = os.getenv("MISTRAL_API_BASE") or "https://api.mistral.ai"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6768e2dcea40e7b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:573
    base_target_url = os.getenv("ANTHROPIC_API_BASE") or os.getenv("ANTHROPIC_BASE_URL") or "https://api.anthropic.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54a20769f23f725d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:1909
    base_target_url = os.getenv("OPENAI_API_BASE") or "https://api.openai.com/"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0943b274e43e93bb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2061
    base_target_url = os.getenv("CURSOR_API_BASE") or "https://api.cursor.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd149fe4fd84f930 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/plugin_routes.py:133
    salt = os.getenv("LITELLM_SALT_KEY", "").encode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4f339aca70265df Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/plugin_routes.py:232
    if not os.getenv("LITELLM_SALT_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24a05ed6d5c134aa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/prometheus_cleanup.py:31
    if not os.environ.get("PROMETHEUS_MULTIPROC_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fd3fa7a3a594558 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:29
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfd34e8ec2e83d9d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:298
        os.environ["LITELLM_DEV_ENV_HOT_RELOAD"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fc23b770ad01bc3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:483
        if os.environ.get("PROMETHEUS_MULTIPROC_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e68c00ee342a73f Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:505
            with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #563a6f6a57384e32 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:557
        multiproc_dir = os.environ.get("PROMETHEUS_MULTIPROC_DIR") or os.environ.get("prometheus_multiproc_dir")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0b21953728db912 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:562
            os.environ["PROMETHEUS_MULTIPROC_DIR"] = multiproc_dir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #716bb093f41573ca Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:984
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dc8e360626f1fae Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:990
            db_port = os.getenv("DATABASE_PORT", "5432")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03827ed6ff0eeecf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:991
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed876ec7102de7cd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:992
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67f40fb3c2effa38 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:993
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa92f8874d059df3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1002
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d29981e25e055555 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1003
            os.environ["IAM_TOKEN_DB_AUTH"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #760b13b2f3bf550a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1009
        if os.getenv("USE_AWS_KMS", None) is not None and os.getenv("USE_AWS_KMS") == "True":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d23cdddba44b5cbf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1014
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51865a1a7dfbbd5c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1062
            if database_url is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af32b97b3a5331ac Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1068
                    os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55b72a517ddaaad8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1100
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9dc5b3aa7f70d34 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1103
        if config is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e0470d911fcff8b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1109
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #228d2c0a0cc0e0b1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1116
        if os.getenv("DATABASE_URL", None) is not None or os.getenv("DIRECT_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ba2fc6fe517f39c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1123
                _candidate_url = os.getenv(_db_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcd495331e22e781 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1145
                if os.getenv("DATABASE_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #718658b9c703b3ab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1151
                    os.environ["DATABASE_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fadcec1483c94757 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1152
                if os.getenv("DIRECT_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acdba9e6e5394ea3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1153
                    database_url = os.getenv("DIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a0f7ce6096203a2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:1155
                    os.environ["DIRECT_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5619e5904d0eba27 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:632
global_max_parallel_request_retries_env: Optional[str] = os.getenv("LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRIES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a15a5cda200e84dd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:640
global_max_parallel_request_retry_timeout_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRY_TIMEOUT"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c952a3751094e6c4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:661
_title = os.getenv("DOCS_TITLE", "LiteLLM API") if premium_user else "LiteLLM API"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f048eb0322f12d9c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:663
    os.getenv(
        "DOCS_DESCRIPTION",
        f"Enterprise Edition \n\nProxy Server to call 100+ LLMs in the OpenAI format. {custom_swagger_message}\n\n{ui_message}",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31a374dc36aa60f4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:796
    _startup_hooks_env = os.environ.get("LITELLM_WORKER_STARTUP_HOOKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cefbd3c480236c76 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:851
        elif os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None and isinstance(worker_config, str):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82c4222873079e9b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1283
if os.getenv("DOCS_FILTERED", "False") == "True" and premium_user:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a6468fd50b6dd80 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1384
    _origins_raw = cors_origins_env if cors_origins_env is not None else os.getenv("LITELLM_CORS_ORIGINS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #385b1d7af81d4424 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1397
        cors_credentials_env if cors_credentials_env is not None else os.getenv("LITELLM_CORS_ALLOW_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8d5cb6d2b8e4834 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1517
    is_non_root = os.getenv("LITELLM_NON_ROOT", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc329e6e646b4292 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1526
    runtime_ui_path = os.getenv("LITELLM_UI_PATH", default_runtime_ui_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8d4f1591b9b77d3 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1620
                        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f26ffc13930565d5 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1635
                        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24ca4f733e3a9902 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1815
root_redirect_url: Optional[str] = os.getenv("ROOT_REDIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85780255a9438202 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1947
        KVUri = os.getenv("AZURE_KEY_VAULT_URI", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4e19dec40ee4d40 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2921
        with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c87a0be45030dbb8 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3488
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d3a8e0854b8815b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3509
            with open(f"{file_path}", "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cd2dd381f4947ee Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3599
            with open(f"{user_config_file_path}", "w") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b15ffe48653e6c75 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3742
        if os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #110ef17ffbb02127 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3743
            bucket_name = os.environ.get("LITELLM_CONFIG_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #753bc3fff9688db0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3744
            object_key = os.environ.get("LITELLM_CONFIG_BUCKET_OBJECT_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2862ce59afc4b8dc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3745
            bucket_type = os.environ.get("LITELLM_CONFIG_BUCKET_TYPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09b61fe275fb280b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3899
                        os.environ[key] = resolved_secret_string

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a86034c62231987 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3908
                    os.environ[key] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cc1cd683d00f46d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3912
                _license_check.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70cf68742e698af3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:4315
            use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c28a0d79544ca1f8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:4492
                    v = os.getenv(_v)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baee366a8a8875a9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5120
                    os.environ[k] = decrypted_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fa2643106094b7f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5533
                os.environ[upper_key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c6b4b26d0c46c5a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6367
    os.environ["WORKER_CONFIG"] = json.dumps(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #217ed1cb21f76828 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6409
    if os.getenv("LITELLM_DONT_SHOW_FEEDBACK_BOX", "").lower() != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92d621978ca396a0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6440
        litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61c7a92946e95787 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6482
        os.environ["AZURE_API_VERSION"] = api_version  # set this for azure - litellm can read this from the env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98af66c46bbb567a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7838
            if os.getenv("PROMETHEUS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e5e0a07f0c92ac9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7950
            app_name = os.getenv("PYROSCOPE_APP_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88874f2e690f3f40 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7956
            server_address = os.getenv("PYROSCOPE_SERVER_ADDRESS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cc12a59c4bef333 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7963
            env_name = os.getenv("OTEL_ENVIRONMENT_NAME") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf666cb6b1d225f9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7963
            env_name = os.getenv("OTEL_ENVIRONMENT_NAME") or os.getenv(
                "LITELLM_DEPLOYMENT_ENVIRONMENT",
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df05296b539a7b1e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7968
            sample_rate_env = os.getenv("PYROSCOPE_SAMPLE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40fa5597072d0fe7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:12880
        os.getenv("LITELLM_HIDE_DEFAULT_CREDENTIALS_HINT", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #499cc665676293a6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13492
    logo_path = os.getenv("UI_LOGO_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fb8dbe08e7d3b3f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13506
    is_non_root = os.getenv("LITELLM_NON_ROOT", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e1ac592d4b4b485 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13511
    assets_dir = os.getenv("LITELLM_ASSETS_PATH", default_assets_dir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc5e248664d82246 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13530
    logo_path = os.getenv("UI_LOGO_PATH", default_logo)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5822b9ad6f1fd6f1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13571
    favicon_url = os.getenv("LITELLM_FAVICON_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29cb993605dac014 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:14624
                _var: (value if (value := environment_variables.get(_var)) is not None else os.getenv(_var))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #477422b4a0ba0695 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:143
    raw = json.loads(files("litellm").joinpath("provider_endpoints_support_backup.json").read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f3474e5eae04f01 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:344
    with open(provider_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39c75ff79f78c2d1 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:432
    with open(agent_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b35dfe2dde2c97d9 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:435
    with open(provider_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f7da2e806a77bb2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/shutdown/graceful_shutdown_manager.py:58
        raw = os.getenv("GRACEFUL_SHUTDOWN_TIMEOUT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5df340dcef85f9a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_log_error_logger.py:43
    return str_to_bool(os.getenv(SUPPRESS_SPEND_LOG_TRACEBACKS_ENV)) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3c1c5586a23ee0b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_management_endpoints.py:2577
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1b6f6163c4a84be Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_tracking_utils.py:49
    max_length_str = os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f0caa41046f1652 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:806
                os.environ[env_var_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d8764f956b742b0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:809
                os.environ.pop(env_var_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e8e715d7f7186c3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:965
        os.environ["UI_LOGO_PATH"] = logo_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c4d53cbef6598a7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:972
        if "UI_LOGO_PATH" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fdf8ea05bc0c4ac Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:973
            del os.environ["UI_LOGO_PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3fa6383d9337d2c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:984
        os.environ["LITELLM_FAVICON_URL"] = favicon_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8140fc07ede870d4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:991
        if "LITELLM_FAVICON_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e56cb9e6d91464c7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:992
            del os.environ["LITELLM_FAVICON_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a0969620fe76048 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1306
    with open(file_path, "wb") as buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f093dbd4a53d36bb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:209
    if SendGridEmailLogger is not None and os.getenv("SENDGRID_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89a52eaa542755dd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:213
    if ResendEmailLogger is not None and os.getenv("RESEND_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd41d51a9b802aeb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:217
    if SMTPEmailLogger is not None and os.getenv("SMTP_HOST"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88638688aaccef47 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:1895
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9c212f4be815365 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2702
LITELLM_CONFIG_CACHE_TTL_SECONDS: int = int(os.environ.get("LITELLM_CONFIG_PARAM_CACHE_TTL_SECONDS", "60"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88a54fbbe239aed3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2790
        self.iam_token_db_auth: Optional[bool] = str_to_bool(os.getenv("IAM_TOKEN_DB_AUTH"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2af7bea4a598ac5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2803
        read_replica_url = os.getenv("DATABASE_URL_READ_REPLICA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #509d08d915b2b808 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2850
                    os.environ["DATABASE_URL_READ_REPLICA"] = read_replica_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d976036fff50c91 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2889
        self._db_reconnect_cooldown_seconds: int = max(1, int(os.getenv("PRISMA_RECONNECT_COOLDOWN_SECONDS", "15")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c1777843085ef66 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2891
            5, int(os.getenv("PRISMA_HEALTH_WATCHDOG_INTERVAL_SECONDS", "30"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63ff09f9e1672c14 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2894
            str_to_bool(os.getenv("PRISMA_HEALTH_WATCHDOG_ENABLED", "true")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ce3bc4ce628a379 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2898
            float(os.getenv("PRISMA_HEALTH_WATCHDOG_PROBE_TIMEOUT_SECONDS", "5.0")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e455ae3085567115 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2901
            1.0, float(os.getenv("PRISMA_WATCHDOG_RECONNECT_TIMEOUT_SECONDS", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c6c59c0bc4f40aa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2904
            0.5, float(os.getenv("PRISMA_AUTH_RECONNECT_TIMEOUT_SECONDS", "2.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f93091c46b3c3220 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2908
            float(os.getenv("PRISMA_AUTH_RECONNECT_LOCK_TIMEOUT_SECONDS", "0.1")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c054e68fa7b061ee Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2911
        self._reconnect_escalation_threshold: int = max(1, int(os.getenv("PRISMA_RECONNECT_ESCALATION_THRESHOLD", "3")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38f8420fb9dbacd0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3003
            pg_schema = os.getenv("DATABASE_SCHEMA", "public")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6abc6214498170dc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4485
                db_url = os.getenv("DATABASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c1a25d0b873ecc3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4510
                db_url = os.getenv("DATABASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #314c2672fd0d2e51 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4954
    return os.getenv("SMTP_USE_SSL", "False") == "True" or smtp_port == 465

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0a2972b7dfc374e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4978
    smtp_host = os.getenv("SMTP_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1118f3dd2253778e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4979
    smtp_port = int(os.getenv("SMTP_PORT", "587"))  # default to port 587

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2844f77c0803beee Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4980
    smtp_username = os.getenv("SMTP_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d94acbba80be5ed0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4981
    smtp_password = os.getenv("SMTP_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e98f4659b5721042 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4982
    sender_email = os.getenv("SMTP_SENDER_EMAIL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5549eeaf55926cc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5011
            if not using_ssl and os.getenv("SMTP_TLS", "True") != "False":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad3416589304175d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5178
                    base_url = os.getenv("SPEND_LOGS_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #831379d8d2c165a7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5664
    if redoc_url := os.getenv("REDOC_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d2d88397a918b2a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5667
    if str_to_bool(os.getenv("NO_REDOC")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #015fe67c1bbab433 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5681
    if docs_url := os.getenv("DOCS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edb9a29abaaa23a7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5684
    if str_to_bool(os.getenv("NO_DOCS")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f8496580f833fd6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5698
    if openapi_url := os.getenv("OPENAPI_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f10fb0d622e05d0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5701
    if str_to_bool(os.getenv("NO_OPENAPI")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cde85b3b783e025f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5827
    return os.getenv("PROXY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70a59fd78f511e76 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5837
    return os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #544f28a15a037fdb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5889
    database_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3e6ae17e6e6ebce Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5890
    database_username = os.getenv("DATABASE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #402a12da32f502b4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5891
    database_password = os.getenv("DATABASE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #104f3084553f04de Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5892
    database_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f375e68d416e5d6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5893
    database_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e62f9c27a62405b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/vertex_ai_endpoints/langfuse_endpoints.py:196
        dynamic_langfuse_host or os.getenv("LANGFUSE_HOST", _DEFAULT_LANGFUSE_HOST) or _DEFAULT_LANGFUSE_HOST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f64caadac28b907 Environment-variable access.
pkgs/python/[email protected]/litellm/realtime_api/main.py:358
            or os.environ.get("LITELLM_AZURE_REALTIME_PROTOCOL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16de820b0f10d533 Environment-variable access.
pkgs/python/[email protected]/litellm/repositories/config_repository.py:152
                os.environ[env_key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8327bb55b925406f Environment-variable access.
pkgs/python/[email protected]/litellm/router.py:7848
                    params[param_key] = os.environ.get(env_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #133f830ca84274b0 Environment-variable access.
pkgs/python/[email protected]/litellm/rust_bridge/ocr.py:49
    return os.getenv("LITELLM_USE_RUST_OCR", "").strip().lower() in {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b93b8e47707d3df Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:22
    if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5d9551ebb69cd92 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:35
        kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de4020e6c334752b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:56
        if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52115475bd8299b3 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:62
        if os.getenv("LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d10b832ca6644b6b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:64
        elif os.getenv("LITELLM_SECRET_AWS_KMS_LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d260e74044df975b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:80
            kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e2b840c90162a89 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:89
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #834bc5cb05848128 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:130
    for k, v in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #229e0bb4ddd1df34 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:68
            "AWS_REGION_NAME" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a05f630d7c9afdf Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:69
            and "AWS_REGION" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e624dc90f7cb3a2c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:70
            and "AWS_DEFAULT_REGION" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c04e6631e9691e1 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:178
            return os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2c4017f35ce3657 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:27
        self.conjur_addr = os.getenv("CYBERARK_API_BASE", "http://127.0.0.1:8080")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0fe89926fbf9e27 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:28
        self.conjur_account = os.getenv("CYBERARK_ACCOUNT", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07f9bca5a33ba5f8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:29
        self.conjur_username = os.getenv("CYBERARK_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a44e64ba437ebe3 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:30
        self.conjur_api_key = os.getenv("CYBERARK_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba963e3676fd446 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:33
        self.tls_cert_path = os.getenv("CYBERARK_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81b9f81fb64b4596 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:34
        self.tls_key_path = os.getenv("CYBERARK_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a957929e6011cf22 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:38
        ssl_verify_env = str_to_bool(os.getenv("CYBERARK_SSL_VERIFY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1683a4c8d13f97b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:51
        _refresh_interval = int(os.environ.get("CYBERARK_REFRESH_INTERVAL", "300"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cccf4bd0e337c509 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:12
        os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9870b81a3a5f231f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:13
        and os.environ.get("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32d614324be15738 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:14
        and os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #009c06fb811e75bf Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:17
    elif os.environ.get("AZURE_CLIENT_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59fb335a65f2e36a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:20
        os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ed57d38822b04a2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:21
        and os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65de0a514709f9cd Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:22
        and os.environ.get("AZURE_CERTIFICATE_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ead74ddc8494be58 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:23
        and os.environ.get("AZURE_CERTIFICATE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d272ee86100f1d3 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:26
    elif os.environ.get("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #626a3e6c9ed4c13d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:28
    elif os.environ.get("AZURE_CERTIFICATE_PATH"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd61e6349509de02 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:64
        azure_scope = os.environ.get("AZURE_SCOPE") or "https://cognitiveservices.azure.com/.default"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f829186b90dbfb4a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:69
        else None or os.environ.get("AZURE_CREDENTIAL") or infer_credential_type_from_environment()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b3c7cea90528f49 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:83
            client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a559fcdae56c50dd Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:84
            client_secret=os.environ["AZURE_CLIENT_SECRET"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03b09a1c59f2eb0e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:85
            tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #653bc37e8bb29e47 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:88
        credential = ManagedIdentityCredential(client_id=os.environ["AZURE_CLIENT_ID"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40d238dd1866b396 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:90
        if os.getenv("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f4a15ad27afa077 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:92
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a6b3a6268bc6b6b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:93
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e08897c94114cd8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:94
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94edaba0ad0e1e26 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:95
                password=os.environ["AZURE_CERTIFICATE_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e0cb5a89ede55f6 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:99
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c5e2e9fbdb4f359 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:100
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75ab8e3b94e10f88 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:101
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bde2f6d83d7d4a8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:19
    if "GOOGLE_APPLICATION_CREDENTIALS" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ec73e2032dcb6a5 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:21
    if "GOOGLE_KMS_RESOURCE_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac349140e33df92a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:37
        litellm._google_kms_resource_name = os.getenv("GOOGLE_KMS_RESOURCE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bf316eac0002017 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:32
        self.PROJECT_ID = os.environ.get("GOOGLE_SECRET_MANAGER_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e90d083fa54977f1 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get("GOOGLE_SECRET_MANAGER_REFRESH_INTERVAL", refresh_interval)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #477b51edb9912397 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:44
        _always_read_secret_manager = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #448c860b965f3d88 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:44
        _always_read_secret_manager = os.environ.get(
            "GOOGLE_SECRET_MANAGER_ALWAYS_READ_SECRET_MANAGER",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #470bb9cf0aada2d8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:25
        self.vault_addr = os.getenv("HCP_VAULT_ADDR", "http://127.0.0.1:8200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9613fac2dc08e0e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:26
        self.vault_token = os.getenv("HCP_VAULT_TOKEN", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afec7a6d7fe30662 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:28
        self.vault_namespace = os.getenv("HCP_VAULT_NAMESPACE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b34047d8e5041ef Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:31
        self.vault_mount_name = os.getenv("HCP_VAULT_MOUNT_NAME", "secret")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0876577c0c27af98 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:33
        self.vault_path_prefix = os.getenv("HCP_VAULT_PATH_PREFIX", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d86a69833a1eb8c6 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:36
        self.tls_cert_path = os.getenv("HCP_VAULT_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f17dd17168cbc231 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:37
        self.tls_key_path = os.getenv("HCP_VAULT_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb838e4bfe5806b4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:38
        self.vault_cert_role = os.getenv("HCP_VAULT_CERT_ROLE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #914b40e8f72d812f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:41
        self.approle_role_id = os.getenv("HCP_VAULT_APPROLE_ROLE_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4441f868c341433a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:42
        self.approle_secret_id = os.getenv("HCP_VAULT_APPROLE_SECRET_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9146b8d17e00e769 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:43
        self.approle_mount_path = os.getenv("HCP_VAULT_APPROLE_MOUNT_PATH", "approle")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04b43c7773bdfc34 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:54
        _refresh_interval = os.environ.get("HCP_VAULT_REFRESH_INTERVAL", SECRET_MANAGER_REFRESH_INTERVAL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00a086c0097c6cb0 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:31
    override = os.getenv("LITELLM_OIDC_ALLOWED_CREDENTIAL_DIRS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11303e2feb6c210a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:196
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #704c48a889699e37 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:202
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN_V2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #891df40ed3f28f0f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:208
            actions_id_token_request_url = os.getenv("ACTIONS_ID_TOKEN_REQUEST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20e12c7f1189e97d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:209
            actions_id_token_request_token = os.getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5e80d31ff299b0c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:236
            azure_federated_token_file = os.getenv("AZURE_FEDERATED_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89388bb9c1fbaa6b Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:251
            with open(azure_federated_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72f723e8ec9dc1ba Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:257
            with open(safe_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76d21add54dc3ef1 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:262
            oidc_token = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e2bfe12a97deb04 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:268
            token_file_path = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c8163d34fccd061 Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:271
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #962f4de12b968906 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:303
                secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #040061254af208a9 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:314
            secret = os.environ.get(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #829f01220aa37230 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:59
        encrypted_secret: Any = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b860c65492d1029 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:82
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e34fe2ad35cd9dc Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:160
        secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #652b9c7fa15385e8 Environment-variable access.
pkgs/python/[email protected]/litellm/setup_wizard.py:135
    return sys.stdout.isatty() and os.environ.get("NO_COLOR") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcf7d429e1e6dca4 Filesystem access.
pkgs/python/[email protected]/litellm/setup_wizard.py:241
            config_path.write_text(SetupWizard._build_config(providers, env_vars, master_key))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ecdb94d82fabefa Filesystem access.
pkgs/python/[email protected]/litellm/setup_wizard.py:281
        with open("/dev/tty", "rb") as tty_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06d14319c437d55b Environment-variable access.
pkgs/python/[email protected]/litellm/types/integrations/slack_alerting.py:55
            os.getenv(
                "SLACK_DAILY_REPORT_FREQUENCY",
                int(SlackAlertingArgsEnum.daily_report_frequency.value),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d899dae4b4958762 Environment-variable access.
pkgs/python/[email protected]/litellm/types/proxy/guardrails/guardrail_hooks/zscaler_ai_guard.py:91
        api_base = self.api_base or os.getenv(
            "ZSCALER_AI_GUARD_URL",
            "https://api.us1.zseclipse.net/v1/detection/execute-policy",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c13742b46357e0e1 Environment-variable access.
pkgs/python/[email protected]/litellm/types/proxy/guardrails/guardrail_hooks/zscaler_ai_guard.py:99
            env_policy = os.getenv("ZSCALER_AI_GUARD_POLICY_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df815177e6c485f2 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5757
    no_proxy = os.getenv("NO_PROXY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #178ae220b55ba7f2 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5810
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a3c967158687ffb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5815
            if "AZURE_API_BASE" in os.environ and "AZURE_API_VERSION" in os.environ and "AZURE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #642547875cd3bd02 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5820
            if "ANTHROPIC_API_KEY" in os.environ or "ANTHROPIC_AUTH_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f05788f89345bb6f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5825
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a07cdc6979cce72d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5830
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10e39eb6280ef8ec Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5835
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82499dc58cf310eb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5840
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #052cc83dc1175640 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5845
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfacaafce9402e04 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5850
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b98b1d048bf4658 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5855
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2bdb8656a0dd63b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5860
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f16a8157e6ce3d0c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5865
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5bce9f261575364 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5870
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dc8d43ab94fcb96 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5875
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #344b80768aedd2de Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5880
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d6132f473335413 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5885
            if ("AWS_ACCESS_KEY_ID" in os.environ and "AWS_SECRET_ACCESS_KEY" in os.environ) or (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b23282689ecdb47a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5887
                "AWS_ROLE_ARN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eecc953962b368b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5888
                or "AWS_PROFILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76754ef45fb6ba56 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5889
                or "AWS_WEB_IDENTITY_TOKEN_FILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a683dd60ac398b66 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5890
                or "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" in os.environ  # ECS task role

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab40195d0a2e5814 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5891
                or "AWS_CONTAINER_CREDENTIALS_FULL_URI" in os.environ  # ECS/Fargate full URI credential delivery

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ed167a450be222c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5898
            if "OLLAMA_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #680456b7a9f174bb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5903
            if "ANYSCALE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c1a958e97505770 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5908
            if "DEEPINFRA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #275640df35955d2b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5913
            if "FEATHERLESS_AI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #195c29825f46b430 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5918
            if ("GOOGLE_API_KEY" in os.environ) or ("GEMINI_API_KEY" in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dc59808fd6f1584 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5924
            if "GROQ_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ac045dee258ba88 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5929
            if "NVIDIA_NIM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a11d76c8a8263ba Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5934
            if "CEREBRAS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #183b9a63e677e15d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5939
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91261aaeea8c73c9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5944
            if "XAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d732175964c1c0ea Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5949
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe68a31d56029b0f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5954
            if "VOLCENGINE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cb4bd2d4182b487 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5959
            if "CODESTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d13cdd90e07d3c9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5964
            if "INCEPTION_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a1ce0f88d8df265 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5969
            if "DEEPSEEK_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #550dcf490e484346 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5974
            if "MISTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ea04d6b22df04ac Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5979
            if "PALM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #076b0813bf4cb77d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5984
            if "PERPLEXITYAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d1312e8402b8e16 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5989
            if "VOYAGE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58f29589df60a688 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5994
            if "INFINITY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c226a05993a9b8a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6000
                "FIREWORKS_AI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45e0af1b6f22e5a6 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6001
                or "FIREWORKS_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07a818167c8eaedb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6002
                or "FIREWORKSAI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3f41213917277e9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6003
                or "FIREWORKS_AI_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daac21c4fb67fb0c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6009
            if "CLOUDFLARE_API_KEY" in os.environ and (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9727a69779c054f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6010
                "CLOUDFLARE_ACCOUNT_ID" in os.environ or "CLOUDFLARE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ccf23231c2fd80c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6017
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44425f11eea1503a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6022
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0001c37c0b0ce8a4 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6027
            if "WANDB_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6107b6f560b2049d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6032
            if "DASHSCOPE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fae5c6d44ddfc120 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6037
            if "MODELSCOPE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67df34f08476362a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6042
            if "MOONSHOT_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52a99ff3e77aaa07 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6055
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5d7b1ad729748bf Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6061
            if "ANTHROPIC_API_KEY" in os.environ or "ANTHROPIC_AUTH_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14680946d789ede7 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6067
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63f86aa115cd30d8 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6073
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #887af9445315be2d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6079
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5190e3cc7c42de33 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6085
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f5e7287e32cdc00 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6091
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fd4755a0ba9a7f9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6101
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68ef420ff15d4de7 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6107
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8681c1826607331 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6113
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a68c3b5397118102 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6119
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #854007ddbf6b6bcf Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6125
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdf186c033c21f4c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6131
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cae3c0abed115c5 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6137
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eeb132d52898940 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6142
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1beb19d514b0a230 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6147
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b78d01ba6ed72fbd Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6152
            if "WANDB_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5de117d440ba496d Filesystem access.
pkgs/python/[email protected]/litellm/utils.py:6521
        with open(config_path, "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85254cd8f87d5d5c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6770
        env_vars = {k: v for k, v in os.environ.items() if k.startswith(("OPENAI", "ANTHROPIC", "AZURE", "AWS"))}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c63bf8977f021eb8 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6832
    environ_keys = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff44378f414415a5 Filesystem access.
pkgs/python/[email protected]/litellm/utils.py:7449
        return json.loads(model_cost_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

crewai-tools

python dependency
high pii_flow dependency Excluded from app score #25a46683fa78a4e0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:45 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:27 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:45
        response = requests.request(
            "POST",
            execute_url,
            headers=headers,
            json=action_params,
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #016830b08776e1c3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:71 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:69 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:71
        response = requests.request(
            "GET",
            ACTIONS_URL,
            headers=headers,
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #f0c7bb0a3c980998 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:133 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:129 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:133
            response = requests.get(
                self.search_url, headers=headers, params=payload, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #ebd282c91b8db126 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:224 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:219 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:224
            response = requests.post(
                self.base_url, json=request_params, headers=headers, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #822b278643086cf7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:141 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:135 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:141
            response = requests.post(
                self.base_url, json=payload, headers=headers, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #b195017acd0e7c73 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80
                result = requests.post(
                    url, headers=headers, data=config, files=file, timeout=30
                )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #428f6902a8406943 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:89 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:89
                result = requests.get(status_url, headers=headers, timeout=30)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #40d2785a51ae67b0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:100 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:64 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:100
            result = requests.get(
                results_url,
                headers=headers,
                params={"output_types": ",".join(output_types)},
                timeout=30,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #e4ee732f990d5553 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:49 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:48 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_query_tool/contextual_query_tool.py:49
        response = requests.get(url, headers=headers, timeout=30)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #4f8e266d3809563e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:53 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69
            result = requests.post(
                rerank_url, json=payload, headers=headers, timeout=30
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #23e8b97940926ba8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:70 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:75 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:70
            response = requests.post(
                url=api_url,
                headers=headers,
                json=payload,
                timeout=60,
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #d3cf82e3d2e2994e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:47 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:52 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:47
            response = requests.get(
                actions_url,
                headers=headers,
                timeout=30,
                params={"apps": ",".join(self._apps)},
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #cc5fdddb7f187de7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:104 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:78 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:104
            resp = requests.post(
                self.search_url, json=payload, headers=headers, timeout=request_timeout
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #13e70b40fe0c4f1a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:43 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39
            requests.get(
                "https://api.patronus.ai/v1/evaluators",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #9d96e1f9d4cc9f27 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:66 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62
            requests.get(
                "https://api.patronus.ai/v1/evaluator-criteria",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #b86cc7b9153ece66 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:145 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:138 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:145
        response = requests.post(
            self.evaluate_url,
            headers=headers,
            data=json.dumps(data),
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #42ff7476bee40727 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:95 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:60 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:95
        response = requests.post(
            self.evaluate_url,
            headers=headers,
            data=json.dumps(data),
            timeout=30,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #87911396d7857dcd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:257 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:251 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:257
            response = requests.post(
                search_url, headers=headers, json=payload, timeout=10
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling reachable #a4fb87663c467f65 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:52 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59
            response = requests.post(
                api_url,
                headers=headers,
                data=payload,
                timeout=30,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 124 low-confidence finding(s)
low env_fs dependency Excluded from app score #476f1507b1be5b51 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/adapters/enterprise_adapter.py:14
    base_url = os.getenv("CREWAI_PLUS_URL", "https://app.crewai.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8eb1b2f47cd6de19 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/adapters/enterprise_adapter.py:419
        token = enterprise_action_token or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61263c559ac1782f Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/adapters/enterprise_adapter.py:419
        token = enterprise_action_token or os.environ.get(
            "CREWAI_ENTERPRISE_TOOLS_TOKEN"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b6658caa26d802b Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/adapters/zapier_adapter.py:62
        self.api_key = api_key or os.getenv("ZAPIER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b19d7191df718529 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:60
        self.agent_id = agent_id or os.getenv("BEDROCK_AGENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d62ab9b268b70665 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:61
        self.agent_alias_id = agent_alias_id or os.getenv("BEDROCK_AGENT_ALIAS_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd7114096dbf52da Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:105
                region_name=os.getenv(
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-west-2")
                ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5817ce379005304 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/bedrock/agents/invoke_agent_tool.py:106
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4c9621582013e76 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/bedrock/knowledge_base/retriever_tool.py:60
        self.knowledge_base_id = knowledge_base_id or os.getenv("BEDROCK_KB_ID")  # type: ignore[assignment]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f1b8613c99bac7a Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/bedrock/knowledge_base/retriever_tool.py:196
                region_name=os.getenv(
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-east-1")
                ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e92d7b3e2e06159 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/bedrock/knowledge_base/retriever_tool.py:197
                    "AWS_REGION", os.getenv("AWS_DEFAULT_REGION", "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59460e3b44fc6e1b Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/s3/reader_tool.py:35
                region_name=os.getenv("CREW_AWS_REGION", "us-east-1"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8628795e5cc89b6e Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/s3/reader_tool.py:36
                aws_access_key_id=os.getenv("CREW_AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05a2f87a53b29484 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/s3/reader_tool.py:37
                aws_secret_access_key=os.getenv("CREW_AWS_SEC_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5a75d62c657c838 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/s3/writer_tool.py:36
                region_name=os.getenv("CREW_AWS_REGION", "us-east-1"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f0bdbee02b588e3 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/s3/writer_tool.py:37
                aws_access_key_id=os.getenv("CREW_AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25c35d9829879da3 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/aws/s3/writer_tool.py:38
                aws_secret_access_key=os.getenv("CREW_AWS_SEC_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58d5a052e8f7251e Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/generate_tool_specs.py:190
        with open(output_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #887986fc2d770e6a Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/rag/embedding_service.py:108
            return os.getenv(env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8788ea61ac0964c6 Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/rag/loaders/csv_loader.py:29
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbd5179191ae12d2 Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/rag/loaders/json_loader.py:28
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b1fd41893d484db Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/rag/loaders/mdx_loader.py:36
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c15889635bba908 Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/rag/loaders/text_loader.py:15
        with open(source_content.source, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53bd91fd5680db6a Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/rag/loaders/xml_loader.py:37
        with open(path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b6200387ce837e2 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/security/safe_path.py:52
    return os.environ.get(_UNSAFE_PATHS_ENV, "").lower() in ("true", "1", "yes")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #777110fd86824912 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/ai_mind_tool/ai_mind_tool.py:47
        self.api_key = api_key or os.getenv("MINDS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ced330d5520416c2 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/apify_actors_tool/apify_actors_tool.py:58
        if not os.environ.get("APIFY_API_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #17b091467746ce9f Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/tools/brave_search_tool/base.py:26
    with open(filename, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #397722b502d58065 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brave_search_tool/base.py:126
        self._api_key = api_key or os.environ.get("BRAVE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #27420e2077f96fd2 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:55
        if "BRAVE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #610118dbb0dcef86 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brave_search_tool/brave_search_tool.py:129
                "X-Subscription-Token": os.environ["BRAVE_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3c1b788157a8e949 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:20
            API_URL=os.environ.get("BRIGHTDATA_API_URL", "https://api.brightdata.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #da4dc4bf3292e4b2 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:21
            DEFAULT_TIMEOUT=int(os.environ.get("BRIGHTDATA_DEFAULT_TIMEOUT", "600")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #eb500b43a9e86cf4 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:23
                os.environ.get("BRIGHTDATA_DEFAULT_POLLING_INTERVAL", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0c698624c3f7d609 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:481
        api_key = os.getenv("BRIGHT_DATA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #13def9e66600c1a8 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_dataset.py:578
        api_key = os.getenv("BRIGHT_DATA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6eaa303c4e3088cf Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:18
            API_URL=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6bda3a3279eb99f9 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:18
            API_URL=os.environ.get(
                "BRIGHTDATA_API_URL", "https://api.brightdata.com/request"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5db508fd723eb173 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:125
        self.api_key = os.getenv("BRIGHT_DATA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ba2cc12d2ef7e044 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_serp.py:126
        self.zone = os.getenv("BRIGHT_DATA_ZONE") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b8ff9b0705e15b16 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:19
            API_URL=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ef3540069e030b2b Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:19
            API_URL=os.environ.get(
                "BRIGHTDATA_API_URL", "https://api.brightdata.com/request"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fa27bb94a17f6f5a Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:99
        self.api_key = os.getenv("BRIGHT_DATA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #015211d050c840b9 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/brightdata_tool/brightdata_unlocker.py:100
        self.zone = os.getenv("BRIGHT_DATA_ZONE") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #044166868744a018 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/browserbase_load_tool/browserbase_load_tool.py:16
    api_key: str | None = os.getenv("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cb23c4c6a614f714 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/browserbase_load_tool/browserbase_load_tool.py:17
    project_id: str | None = os.getenv("BROWSERBASE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8cc720ae7453cbeb Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_create_agent_tool/contextual_create_agent_tool.py:65
                with open(doc_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ff9b1bb0bf660dcb Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:78
            with open(file_path, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling reachable #6f19e5ebb69e5fbd Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_parse_tool/contextual_parse_tool.py:80
                result = requests.post(
                    url, headers=headers, data=config, files=file, timeout=30
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling reachable #22112292f839d2c7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/crewai_tools/tools/contextualai_rerank_tool/contextual_rerank_tool.py:69
            result = requests.post(
                rerank_url, json=payload, headers=headers, timeout=30
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling reachable #512df7d9f1026f0b Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_action_tool.py:75
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7a58e60d284ba3fa Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/crewai_platform_tool_builder.py:52
                verify=os.environ.get("CREWAI_FACTORY", "false").lower() != "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7b5d5c27129a473a Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/misc.py:6
    base_url = os.getenv("CREWAI_PLUS_URL", "https://app.crewai.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8c40b13dc1a2f7e8 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/crewai_platform_tools/misc.py:12
    token = os.getenv("CREWAI_PLATFORM_INTEGRATION_TOKEN") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #79dfca3f6bc5a2b1 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/databricks_query_tool/databricks_query_tool.py:145
        has_profile = "DATABRICKS_CONFIG_PROFILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #022545a4fd9bbd97 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/databricks_query_tool/databricks_query_tool.py:147
            "DATABRICKS_HOST" in os.environ and "DATABRICKS_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b15c47f7998c60b6 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/daytona_sandbox_tool/daytona_base_tool.py:35
        default_factory=lambda: os.getenv("DAYTONA_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #dde48ff6894d0b61 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/daytona_sandbox_tool/daytona_base_tool.py:40
        default_factory=lambda: os.getenv("DAYTONA_API_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f8d84445da50de16 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/daytona_sandbox_tool/daytona_base_tool.py:45
        default_factory=lambda: os.getenv("DAYTONA_TARGET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1573596109cffbff Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/e2b_sandbox_tool/e2b_base_tool.py:36
            SecretStr(val) if (val := os.getenv("E2B_API_KEY")) else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #042f6858127e3b67 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/e2b_sandbox_tool/e2b_base_tool.py:43
        default_factory=lambda: os.getenv("E2B_DOMAIN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7ef5beef24c6879c Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/exa_tools/exa_search_tool.py:58
        default_factory=lambda: os.getenv("EXA_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a243d8713d5b2c67 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/exa_tools/exa_search_tool.py:63
        default_factory=lambda: os.getenv("EXA_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #82babbbbd2541eaa Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/tools/file_read_tool/file_read_tool.py:93
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #14a2cb69ef55549b Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/tools/file_writer_tool/file_writer_tool.py:70
            with open(real_filepath, mode) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a3b24ab4bfd7407c Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/generate_crewai_automation_tool/generate_crewai_automation_tool.py:28
        default_factory=lambda: os.getenv("CREWAI_PLUS_URL", "https://app.crewai.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #031f2ab81bb6967d Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/generate_crewai_automation_tool/generate_crewai_automation_tool.py:32
        default_factory=lambda: os.getenv("CREWAI_PERSONAL_ACCESS_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f6abaefab558064d Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/hyperbrowser_load_tool/hyperbrowser_load_tool.py:49
        self.api_key = api_key or os.getenv("HYPERBROWSER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5b476454dab1f09d Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/linkup/linkup_search_tool.py:54
        self._client = LinkupClient(api_key=api_key or os.getenv("LINKUP_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f0d1efa19c034a6b Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/merge_agent_handler_tool/merge_agent_handler_tool.py:65
        api_key = os.environ.get("AGENT_HANDLER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f4c8dc3820af73dc Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/mongodb_vector_search_tool/vector_search.py:124
        if "AZURE_OPENAI_ENDPOINT" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #18312dc214739eeb Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/mongodb_vector_search_tool/vector_search.py:126
        elif "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0491f3cf5c970eef Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/multion_tool/example.py:7
os.environ["OPENAI_API_KEY"] = "Your Key"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c927db61c6a9b99a Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/multion_tool/multion_tool.py:52
        self.multion = MultiOn(api_key=api_key or os.getenv("MULTION_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #886704d6a6748c6f Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/nl2sql/nl2sql_tool.py:256
        if os.environ.get("CREWAI_NL2SQL_ALLOW_DML", "").strip().lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #737b59f35d41646c Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/tools/ocr_tool/ocr_tool.py:104
        with open(image_path, "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bcce9935feedaaab Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/oxylabs_amazon_product_scraper_tool/oxylabs_amazon_product_scraper_tool.py:146
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7c02662790e28e13 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/oxylabs_amazon_product_scraper_tool/oxylabs_amazon_product_scraper_tool.py:147
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #53ae0437a4655a4b Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/oxylabs_amazon_search_scraper_tool/oxylabs_amazon_search_scraper_tool.py:148
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #121325ebce47efec Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/oxylabs_amazon_search_scraper_tool/oxylabs_amazon_search_scraper_tool.py:149
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2d5251608b89dfaf Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/oxylabs_google_search_scraper_tool/oxylabs_google_search_scraper_tool.py:151
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #141ef7601322f6b4 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/oxylabs_google_search_scraper_tool/oxylabs_google_search_scraper_tool.py:152
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #be5b1ec421becf50 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/oxylabs_universal_scraper_tool/oxylabs_universal_scraper_tool.py:142
        username = os.environ.get("OXYLABS_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a514eff15259c3c6 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/oxylabs_universal_scraper_tool/oxylabs_universal_scraper_tool.py:143
        password = os.environ.get("OXYLABS_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c4ebf3109d2f6238 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/parallel_tools/parallel_search_tool.py:78
        api_key = os.environ.get("PARALLEL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling reachable #d6d2a2159bebdaf9 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:39
            requests.get(
                "https://api.patronus.ai/v1/evaluators",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling reachable #ec1b06e66b992d50 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:43
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling reachable #c37a1757746fd49f Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:62
            requests.get(
                "https://api.patronus.ai/v1/evaluator-criteria",
                headers={
                    "accept": "application/json",
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],
                },
                timeout=30,
            ).text

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling reachable #78be22a555c8e10c Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:66
                    "X-API-KEY": os.environ["PATRONUS_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #65810e07316e32df Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_eval_tool.py:138
        api_key = os.getenv("PATRONUS_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ea8eb0a3e505d4cc Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/patronus_eval_tool/patronus_predefined_criteria_eval_tool.py:60
        api_key = os.getenv("PATRONUS_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #16de22839b6c58da Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/qdrant_vector_search_tool/qdrant_search_tool.py:113
                    .Client(api_key=os.getenv("OPENAI_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #74a64d15e8e034cc Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/scrape_element_from_website/scrape_element_from_website.py:68
                self.cookies = {cookies["name"]: os.getenv(cookies["value"]) or ""}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9f2e838e2e59a565 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/scrape_website_tool/scrape_website_tool.py:67
                self.cookies = {cookies["name"]: os.getenv(cookies["value"]) or ""}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #86e4e1e95e9333bb Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/scrapegraph_scrape_tool/scrapegraph_scrape_tool.py:113
        self.api_key = api_key or os.getenv("SCRAPEGRAPH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4fc3957427678775 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/scrapfly_scrape_website_tool/scrapfly_scrape_website_tool.py:66
        self.scrapfly = ScrapflyClient(key=api_key or os.getenv("SCRAPFLY_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4d10456a42cb3e39 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/serpapi_tool/serpapi_base_tool.py:44
        api_key = os.getenv("SERPAPI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c3b7297054924a4a Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:94
        with open(filename, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d3707459171f644f Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/serper_dev_tool/serper_dev_tool.py:251
            "X-API-KEY": os.environ["SERPER_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e3192fef39545865 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:52
            api_key = os.getenv("SERPER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling reachable #af945e09589c26a0 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/crewai_tools/tools/serper_scrape_website_tool/serper_scrape_website_tool.py:59
            response = requests.post(
                api_url,
                headers=headers,
                data=payload,
                timeout=30,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling reachable #f5aa4c8ffb61815c Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/serply_api_tool/serply_job_search_tool.py:47
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6a83a3ff0f8cadc9 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/serply_api_tool/serply_news_search_tool.py:47
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3a391e0c76d8a188 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/serply_api_tool/serply_scholar_search_tool.py:51
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d059f202e9285f47 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/serply_api_tool/serply_web_search_tool.py:67
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ba6356f65639cce8 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/serply_api_tool/serply_webpage_to_markdown_tool.py:31
            "X-API-KEY": os.environ["SERPLY_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ae801929ae3a01cb Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/tools/snowflake_search_tool/snowflake_search_tool.py:188
            with open(self.config.private_key_path, "rb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e85c6da909210b45 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/stagehand_tool/example.py:34
browserbase_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5e61cfc0969e67a6 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/stagehand_tool/example.py:35
browserbase_project_id = os.environ.get("BROWSERBASE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b5a0e95c1385f8e4 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/stagehand_tool/example.py:36
model_api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #22478afc4f5bc782 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:208
        self.api_key = api_key or os.getenv("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8fcb3c8c6323fbc0 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:209
        self.project_id = project_id or os.getenv("BROWSERBASE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #13ea706d22ae2383 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:263
            return self.model_api_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4848c94354e75b58 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:265
            return self.model_api_key or os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0e79f08717b7b437 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:267
            return self.model_api_key or os.getenv("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a56eb51a85764094 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:271
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2a9830a408e66eb4 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/stagehand_tool/stagehand_tool.py:272
            or os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3f26bc1ea4f30d8e Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/tavily_extractor_tool/tavily_extractor_tool.py:62
        default_factory=lambda: os.getenv("TAVILY_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5b945228eb08fdaa Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/tavily_get_research_tool/tavily_get_research_tool.py:56
            api_key = os.getenv("TAVILY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #72731203876e74a5 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/tavily_research_tool/tavily_research_tool.py:92
            api_key = os.getenv("TAVILY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9057dd73b471a0d2 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/tavily_search_tool/tavily_search_tool.py:61
        default_factory=lambda: os.getenv("TAVILY_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0dee57d89563721a Filesystem access.
pkgs/python/[email protected]/src/crewai_tools/tools/vision_tool/vision_tool.py:140
        with open(image_path, "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a806487b656ad492 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/weaviate_tool/vector_search.py:89
            openai_api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #33abd4e3ad662705 Environment-variable access.
pkgs/python/[email protected]/src/crewai_tools/tools/zapier_action_tool/zapier_action_tool.py:23
        zapier_api_key = os.getenv("ZAPIER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

composio-core

python dependency
high pii_flow tooling reachable #3028c332814c9114 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/composio/tools/local/greptile/actions/codequery.py:107 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/composio/tools/local/greptile/actions/codequery.py:71 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/composio/tools/local/greptile/actions/codequery.py:107
        response = requests.post(
            "https://api.greptile.com/v2/query",
            headers=headers,
            data=json.dumps(data),
            timeout=request.timeout,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry dependency Excluded from app score #085472bd4731f243 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/core/cls/catch_all_exceptions.py:3
import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0269241b0fa1f2bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/core/cls/catch_all_exceptions.py:53
    if (isinstance(exc, (SystemExit, ValueError))) and sentry_sdk.is_initialized():

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5577887692233037 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/core/cls/catch_all_exceptions.py:54
        sentry_sdk.capture_exception(exc)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19b126b3f9667875 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/core/cls/catch_all_exceptions.py:55
        sentry_sdk.flush()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #35e343e08ce380dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:12
import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e05de506454f5ad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:13
import sentry_sdk.integrations.argv

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #20f773354fe05357 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:14
import sentry_sdk.integrations.atexit

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c49cb709e2e5030c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:15
import sentry_sdk.integrations.dedupe

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b7d86cefddeb1ecf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:16
import sentry_sdk.integrations.excepthook

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a090fb48d9e9f1a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:17
import sentry_sdk.integrations.fastapi

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3eaf8030506e395d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:18
import sentry_sdk.integrations.logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21662c761eeab55a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:19
import sentry_sdk.integrations.modules

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #75c5dc2748dfd65d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:20
import sentry_sdk.integrations.stdlib

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fc247186f4f232ad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:21
import sentry_sdk.integrations.threading

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d03ae083ae2aba6f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:22
import sentry_sdk.types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dc2a9a7fd47f86b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/composio/utils/sentry.py:89
    sentry_sdk.init(
        dsn=sentry_config["dsn"],
        traces_sample_rate=sentry_config.get("traces_sample_rate", 1.0),
        profiles_sample_rate=sentry_config.get("profiles_sample_rate", 1.0),
        debug=False,
        before_send=filter_sentry_errors,
        default_integrations=False,
        integrations=[
            sentry_sdk.integrations.argv.ArgvIntegration(),
            sentry_sdk.integrations.atexit.AtexitIntegration(
                callback=lambda x, y: None,
            ),  # suppress atexit message
            sentry_sdk.integrations.dedupe.DedupeIntegration(),
            sentry_sdk.integrations.excepthook.ExcepthookIntegration(),
            sentry_sdk.integrations.fastapi.FastApiIntegration(),
            sentry_sdk.integrations.logging.LoggingIntegration(),
            sentry_sdk.integrations.modules.ModulesIntegration(),
            sentry_sdk.integrations.stdlib.StdlibIntegration(),
            sentry_sdk.integrations.threading.ThreadingIntegration(),
        ],
    )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 80 low-confidence finding(s)
low env_fs dependency Excluded from app score #6a871e716de2ee40 Filesystem access.
pkgs/python/[email protected]/composio/cli/apps.py:99
    with open(enum_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ca4c0dff9fecba4 Filesystem access.
pkgs/python/[email protected]/composio/cli/apps.py:133
    with open(enum_file + "i", "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #982dcc9e14fb5127 Environment-variable access.
pkgs/python/[email protected]/composio/cli/context.py:82
        api_key_from_env = os.environ.get(ENV_COMPOSIO_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05e77be2637fdcf7 Filesystem access.
pkgs/python/[email protected]/composio/cli/utils/helpfulcmd.py:31
            formatter.write_text(click.style(text, fg="white"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d340ca92872b321b Environment-variable access.
pkgs/python/[email protected]/composio/client/__init__.py:108
                else os.environ.get(ENV_COMPOSIO_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73ca39f2eedc7fdb Environment-variable access.
pkgs/python/[email protected]/composio/client/enums/enum.py:18
    os.environ.get("COMPOSIO_NO_REMOTE_ENUM_FETCHING", "false") != "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad58f049264c6eb Environment-variable access.
pkgs/python/[email protected]/composio/client/utils.py:18
NO_CACHE_REFRESH = os.getenv("COMPOSIO_NO_CACHE_REFRESH", "false") == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #705941e6af0db64f Filesystem access.
pkgs/python/[email protected]/composio/client/utils.py:227
            first_action = json.loads(first_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bce285bf5e9e5ee Environment-variable access.
pkgs/python/[email protected]/composio/constants.py:39
_cache_dir = os.environ.get(ENV_LOCAL_CACHE_DIRECTORY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #444cfc40432592c6 Environment-variable access.
pkgs/python/[email protected]/composio/constants.py:147
COMPOSIO_VERSIONING_POLICY = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f6f932b3d6bf592 Environment-variable access.
pkgs/python/[email protected]/composio/constants.py:147
COMPOSIO_VERSIONING_POLICY = os.environ.get(
    ENV_COMPOSIO_VERSIONING_POLICY,
    VERSION_LATEST_BASE,
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a053cdcfd2756043 Environment-variable access.
pkgs/python/[email protected]/composio/server/api.py:116
    access_token = os.environ.get(ENV_ACCESS_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab03811d66609f34 Filesystem access.
pkgs/python/[email protected]/composio/server/api.py:273
        tempfile.write_text(request.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60038e4cf285b534 Filesystem access.
pkgs/python/[email protected]/composio/storage/base.py:67
        self.path.write_text(
            json.dumps(
                data,
                indent=2,
            ),
            encoding="utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d24ee50e8b9e9682 Filesystem access.
pkgs/python/[email protected]/composio/storage/base.py:80
                path.read_text(
                    encoding="utf-8",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2b93b012c8717df7 Filesystem access.
pkgs/python/[email protected]/composio/tools/base/local.py:124
                _content = Path(value).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #939a6b218c818f9a Filesystem access.
pkgs/python/[email protected]/composio/tools/base/local.py:137
                _content = Path(value).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ef1a2d9872e7c51b Filesystem access.
pkgs/python/[email protected]/composio/tools/local/anthropic_computer_use/actions/computer.py:327
            base64_image = base64.b64encode(path.read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #865dc2d10dbc3c0d Filesystem access.
pkgs/python/[email protected]/composio/tools/local/base/action.py:183
                    with open(value, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a9e55a6f90325497 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/base/action.py:202
                    with open(value, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2f3e1aef89df2d01 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/base/utils/queries/__init__.py:11
with open(c_tags_query_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0bb61bd96f2336b9 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/clipboardtool/actions/image.py:81
            with open(temp_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #55fc21b806abc931 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/clipboardtool/actions/image.py:119
            with open(request.save_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #26ef7cee25cc7522 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/actions/base_action.py:26
        with open(self.fqdn_cache_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1f7dcdeab1ceaaf0 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/actions/create_codemap.py:154
            with open(file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a68fcf4a6e9510e5 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/actions/create_codemap.py:204
        with open(self.fqdn_cache_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #43a781ab3301ffbe Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/actions/create_codemap.py:299
        with open(status_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f1ba303cb5bce4ac Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/actions/create_codemap.py:307
        with open(status_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c7631c1a7090a98f Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/lsp_helper.py:478
        with open(file_path, "r", encoding="utf-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #90d25a89dcac2540 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/lsp_helper.py:486
        with open(file_path, "w", encoding="utf-8") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4342837266a69277 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/lsp_helper.py:637
        with open(global_path, "r") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #60bd47893f4d34cf Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/lsp_helper.py:680
        with open(_class_obj.global_path, "r", encoding="utf-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7cd0011031942cc3 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/lsp_helper.py:691
            with open(file_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #34bf733f3793ec21 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/lsp_helper.py:981
        with open(self.global_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1d0fb19901c9927a Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/lsp_helper.py:1146
        with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #76c7cd8226677244 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/tool_utils.py:74
                with open(file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #02df9e34893f8a63 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/tree_sitter_related.py:132
    with open(file_path, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1e2a6a5dfb52d93e Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/tree_sitter_related.py:198
    with open(file_path, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #69e3c3a5e8de77df Filesystem access.
pkgs/python/[email protected]/composio/tools/local/codeanalysis/tree_sitter_related.py:233
    with open(file_path, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1285c729d41be335 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/filetool/actions/apply_patch.py:62
        with open(git_root / "patch.patch", "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b4d5bc98f188db2c Filesystem access.
pkgs/python/[email protected]/composio/tools/local/filetool/actions/apply_patch.py:96
                file.path.write_text(before_file_contents[key], encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #747ee265ac85a674 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/filetool/actions/apply_patch.py:153
                file_contents[file_path] = file.path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #87aac2c200c18731 Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/filetool/actions/git_clone.py:35
        github_access_token or os.environ.get("GITHUB_ACCESS_TOKEN", "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6c5938fd8ea93dcf Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/filetool/actions/git_clone.py:38
    if not github_access_token and os.environ.get("ALLOW_CLONE_WITHOUT_REPO") != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #23d8d46131b10c72 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/filetool/actions/git_repo_tree.py:77
            with open(tree_file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #873779ceef9285d1 Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/greptile/actions/codequery.py:71
        token = metadata.get("greptile_token", os.getenv("GREPTILE_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #781b8d685893a885 Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/greptile/actions/codequery.py:76
        github_token = metadata.get("github_token", os.getenv("GITHUB_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling reachable #edb55119b9564103 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/composio/tools/local/greptile/actions/codequery.py:107
        response = requests.post(
            "https://api.greptile.com/v2/query",
            headers=headers,
            data=json.dumps(data),
            timeout=request.timeout,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling reachable #a01683123ca8a368 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/imageanalyser/actions/image_analyser.py:89
        with open(file_path, "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f9ec0b9a3b6a7983 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/imageanalyser/actions/image_analyser.py:132
            with open(media_path, "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7fa6c22663d58055 Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/imageanalyser/actions/image_analyser.py:179
        media_model_choice = os.environ.get("MEDIA_MODEL_CHOICE", "gpt-4o")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #25b6016ba45644b3 Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/imageanalyser/actions/image_analyser.py:216
            key = os.environ.get("OPENAI_API_KEY") or metadata.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #dbb70d8b9d7f6a34 Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/imageanalyser/actions/image_analyser.py:220
            key = os.environ.get("ANTHROPIC_API_KEY") or metadata.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ec1a9ce6565d83d6 Filesystem access.
pkgs/python/[email protected]/composio/tools/local/shelltool/shell_exec/actions/spawn.py:89
        pid.write_text(str(process.pid))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fdd15ef3a0b1334a Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/shelltool/utils.py:23
    github_access_token = os.environ.get("GITHUB_ACCESS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3f9abc2e3b84d2c6 Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/shelltool/utils.py:25
        if os.environ.get("ALLOW_CLONE_WITHOUT_REPO") != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #55da9c6b3d498ae5 Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/zep/actions/add_memory.py:39
        client = Zep(api_key=os.environ.get("ZEP_API_KEY", metadata.get("api_key")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fb26693b539e6e90 Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/zep/actions/create_session.py:39
        client = Zep(api_key=os.environ.get("ZEP_API_KEY", metadata.get("api_key")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e8ee7a51f1d2396f Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/zep/actions/get_memory.py:44
        client = Zep(api_key=os.environ.get("ZEP_API_KEY", metadata.get("api_key")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0c95b131683758db Environment-variable access.
pkgs/python/[email protected]/composio/tools/local/zep/actions/search_memory.py:51
        client = Zep(api_key=os.environ.get("ZEP_API_KEY", metadata.get("api_key")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f15979a621384951 Environment-variable access.
pkgs/python/[email protected]/composio/tools/toolset.py:125
        _IS_CI = os.environ.get("CI") == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a727e49eec08b847 Filesystem access.
pkgs/python/[email protected]/composio/tools/toolset.py:161
        with open(self._path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8517c83e88610100 Filesystem access.
pkgs/python/[email protected]/composio/tools/toolset.py:179
        with open(self._path, "w", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d0d279d4f798f97a Filesystem access.
pkgs/python/[email protected]/composio/tools/toolset.py:377
            with open(path, "w", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #26e6a1d462327ae1 Filesystem access.
pkgs/python/[email protected]/composio/tools/toolset.py:381
        with open(path, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #894738ede026e991 Environment-variable access.
pkgs/python/[email protected]/composio/tools/toolset.py:1549
                or os.environ.get(ENV_COMPOSIO_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #832d527b54ce8c3c Environment-variable access.
pkgs/python/[email protected]/composio/tools/toolset.py:1699
        from_env = os.environ.get(f"_COMPOSIO_{ENV_GITHUB_ACCESS_TOKEN}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62cdeb4c55daab54 Environment-variable access.
pkgs/python/[email protected]/composio/utils/descope.py:55
        self.project_id = project_id or os.environ.get("DESCOPE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d73b0927b4a1b37 Environment-variable access.
pkgs/python/[email protected]/composio/utils/descope.py:56
        self.management_key = management_key or os.environ.get("DESCOPE_MANAGEMENT_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d474d6d8c4496401 Environment-variable access.
pkgs/python/[email protected]/composio/utils/descope.py:58
            base_url or os.environ.get("DESCOPE_BASE_URL") or "https://api.descope.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05db9eb70f967744 Environment-variable access.
pkgs/python/[email protected]/composio/utils/logging.py:20
_LOG_VERBOSITY = int(os.environ.get("COMPOSIO_LOG_VERBOSITY", 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64c50e7c8ca26eee Environment-variable access.
pkgs/python/[email protected]/composio/utils/logging.py:103
    level = os.environ.get(ENV_COMPOSIO_LOGGING_LEVEL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2fe8a82155325ff Filesystem access.
pkgs/python/[email protected]/composio/utils/sentry.py:47
        data = json.loads(user_file.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4187fd64b932d0f Environment-variable access.
pkgs/python/[email protected]/composio/utils/sentry.py:79
    if os.environ.get("COMPOSIO_DISABLE_SENTRY", "false").lower() in ("true", "t"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #586574a1ea55c7f4 Filesystem access.
pkgs/python/[email protected]/composio/utils/sentry.py:117
            data = json.loads(user_file.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdd389bee282a0a6 Filesystem access.
pkgs/python/[email protected]/composio/utils/sentry.py:136
    user_file.write_text(json.dumps(data), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5e66fa6c2466cf9 Environment-variable access.
pkgs/python/[email protected]/composio/utils/url.py:19
    return os.environ.get(ENV_COMPOSIO_BASE_URL) or DEFAULT_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #eaa01b102ee244db Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/composio/utils/warnings.py:19
        request = requests.get(COMPOSIO_PYPI_METADATA, timeout=10.0)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d17aa5a293d16a47 Environment-variable access.
pkgs/python/[email protected]/composio/utils/warnings.py:30
    if os.environ.get("COMPOSIO_DISABLE_VERSION_CHECK", "false").lower() != "false":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf3babb4b476d1eb Filesystem access.
pkgs/python/[email protected]/setup.py:97
    long_description=(Path(__file__).parent / "README.md").read_text(encoding="utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

crewai

python dependency
high pii_flow dependency Excluded from app score #cd914cc0514f61aa User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai/a2a/auth/client_schemes.py:256 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai/a2a/auth/client_schemes.py:256 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai/a2a/auth/client_schemes.py:256
        client.auth = DigestAuth(self.username, self.password)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry dependency Excluded from app score #398dcd17330f6414 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/crew.py:21
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dc2c1cc9d14c68b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/crew.py:22
from opentelemetry.context import attach, detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d4ff67a1f0a4d91 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/crew.py:42
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #28c09f36579c1d47 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/crews/utils.py:9
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b624f91df83db730 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/flow/runtime/__init__.py:35
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #afd5966ee8b7bdb9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/flow/runtime/__init__.py:36
from opentelemetry.context import attach, detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #feeaca01fe31ba70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/telemetry/telemetry.py:23
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cc184681305774f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/telemetry/telemetry.py:24
from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
    OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c5d1694433ab7862 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/telemetry/telemetry.py:27
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #64b514a7ebd808b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/telemetry/telemetry.py:28
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a34879af83f563d3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/telemetry/telemetry.py:29
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    SpanExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2c66b808128c1d4e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/telemetry/telemetry.py:33
from opentelemetry.trace import ProxyTracerProvider, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #de218e2571d282f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/telemetry/utils.py:11
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a5aa09ccde79e14 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai/utilities/crew/crew_context.py:5
from opentelemetry import baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 108 low-confidence finding(s)
low env_fs dependency Excluded from app score #d884ac648ce4fd6e Filesystem access.
pkgs/python/[email protected]/src/crewai/a2a/auth/client_schemes.py:112
            root_certs = Path(self.ca_cert_path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11e7b1a57ac945e0 Filesystem access.
pkgs/python/[email protected]/src/crewai/a2a/auth/client_schemes.py:115
            private_key = Path(self.client_key_path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b78cff7b8c2237d Filesystem access.
pkgs/python/[email protected]/src/crewai/a2a/auth/client_schemes.py:116
            certificate_chain = Path(self.client_cert_path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a45bf17a5a103a05 Environment-variable access.
pkgs/python/[email protected]/src/crewai/a2a/auth/server_schemes.py:151
        return os.environ.get("AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbfab1ce899e7a52 Filesystem access.
pkgs/python/[email protected]/src/crewai/a2a/config.py:130
            return Path(self.private_key_path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2aafa949a2a358bb Environment-variable access.
pkgs/python/[email protected]/src/crewai/a2a/utils/task.py:102
_redis_url = os.environ.get("REDIS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2bc077c69d46d3e Environment-variable access.
pkgs/python/[email protected]/src/crewai/agent/core.py:1209
            else os.getenv(CREWAI_TRAINED_AGENTS_FILE_ENV, TRAINED_AGENTS_DATA_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e829ef89753c216 Environment-variable access.
pkgs/python/[email protected]/src/crewai/context.py:47
        token = os.getenv("CREWAI_PLATFORM_INTEGRATION_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f6245425ce61fce Environment-variable access.
pkgs/python/[email protected]/src/crewai/events/listeners/tracing/trace_listener.py:194
            "user_id": os.getenv("CREWAI_USER_ID", "anonymous"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9177c70b3ce11f5 Environment-variable access.
pkgs/python/[email protected]/src/crewai/events/listeners/tracing/trace_listener.py:195
            "organization_id": os.getenv("CREWAI_ORG_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c200b0b9905f8bc0 Environment-variable access.
pkgs/python/[email protected]/src/crewai/events/listeners/tracing/utils.py:128
    env_value = os.getenv("CREWAI_TRACING_ENABLED", "").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6486b9ff741bc0b Environment-variable access.
pkgs/python/[email protected]/src/crewai/events/listeners/tracing/utils.py:188
    return os.environ.get("CREWAI_TESTING", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #951a7f2928838c72 Filesystem access.
pkgs/python/[email protected]/src/crewai/events/listeners/tracing/utils.py:297
                content = path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51be95d53feffab9 Environment-variable access.
pkgs/python/[email protected]/src/crewai/events/listeners/tracing/utils.py:341
            container_id = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9b794233856cc4c Environment-variable access.
pkgs/python/[email protected]/src/crewai/events/listeners/tracing/utils.py:341
            container_id = os.environ.get(
                "HOSTNAME", os.environ.get("CONTAINER_ID", "")
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dd28b4717e3a8d7 Environment-variable access.
pkgs/python/[email protected]/src/crewai/events/listeners/tracing/utils.py:342
                "HOSTNAME", os.environ.get("CONTAINER_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb6fc6c5e863a558 Filesystem access.
pkgs/python/[email protected]/src/crewai/events/listeners/tracing/utils.py:380
        p.write_text(json.dumps(data, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2eb6abc31d899ca7 Filesystem access.
pkgs/python/[email protected]/src/crewai/events/listeners/tracing/utils.py:412
        p.write_text(json.dumps(data, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3519f2319a714ffa Environment-variable access.
pkgs/python/[email protected]/src/crewai/events/utils/console_formatter.py:70
        if os.getenv("CI", "").lower() in ("true", "1"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc03772a2baf1860 Environment-variable access.
pkgs/python/[email protected]/src/crewai/events/utils/console_formatter.py:73
        if os.getenv("CREWAI_DISABLE_VERSION_CHECK", "").lower() in ("true", "1"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a806fe2a656e4fed Filesystem access.
pkgs/python/[email protected]/src/crewai/experimental/evaluation/experiment/result.py:42
            with open(filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac03a48dac708579 Filesystem access.
pkgs/python/[email protected]/src/crewai/experimental/evaluation/experiment/result.py:58
                with open(baseline_filepath, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc1a3d59d643ff37 Filesystem access.
pkgs/python/[email protected]/src/crewai/experimental/evaluation/experiment/result.py:73
                with open(baseline_filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffee9c66e97e7f3a Filesystem access.
pkgs/python/[email protected]/src/crewai/experimental/evaluation/experiment/result.py:91
            with open(baseline_filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c881b68ee7e375c6 Environment-variable access.
pkgs/python/[email protected]/src/crewai/experimental/skills/_flag.py:16
    return os.environ.get(ENV_VAR) == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6e20010766409e6 Filesystem access.
pkgs/python/[email protected]/src/crewai/experimental/skills/cache.py:91
        (skill_dir / _META_FILENAME).write_text(json.dumps(meta, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #435f23e39cbd2bcd Filesystem access.
pkgs/python/[email protected]/src/crewai/experimental/skills/cache.py:106
                        results.append(json.loads(meta_file.read_text()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8c9ce84b9189912 Environment-variable access.
pkgs/python/[email protected]/src/crewai/experimental/skills/registry.py:76
        os.environ.get("CI") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf00f0026ccd6bbe Environment-variable access.
pkgs/python/[email protected]/src/crewai/experimental/skills/registry.py:77
        or os.environ.get("CREWAI_NONINTERACTIVE") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12359215942388c5 Filesystem access.
pkgs/python/[email protected]/src/crewai/flow/flow_definition.py:824
            contents = source_path.expanduser().read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2919cdb5d206ad4 Environment-variable access.
pkgs/python/[email protected]/src/crewai/flow/runtime/_actions.py:238
        raw = os.environ.get(_ALLOW_SCRIPT_EXECUTION_ENV_VAR, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #301ac559810a76ca Filesystem access.
pkgs/python/[email protected]/src/crewai/flow/skill.py:90
    example_yaml = (_TEMPLATES_DIR / "flow_definition_example.yaml").read_text(
        encoding="utf-8"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dfe30454f04a805 Filesystem access.
pkgs/python/[email protected]/src/crewai/flow/visualization/renderers/interactive.py:414
    css_content = css_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba1a00add39afec2 Filesystem access.
pkgs/python/[email protected]/src/crewai/flow/visualization/renderers/interactive.py:421
    css_output_path.write_text(css_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cefc8db4ecd885e Filesystem access.
pkgs/python/[email protected]/src/crewai/flow/visualization/renderers/interactive.py:424
    js_content = js_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe6441704b79c784 Filesystem access.
pkgs/python/[email protected]/src/crewai/flow/visualization/renderers/interactive.py:438
    js_output_path.write_text(js_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20501590f31e849e Filesystem access.
pkgs/python/[email protected]/src/crewai/flow/visualization/renderers/interactive.py:461
    output_path.write_text(html_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31151a6cbdcc7c75 Environment-variable access.
pkgs/python/[email protected]/src/crewai/knowledge/knowledge.py:66
os.environ["TOKENIZERS_PARALLELISM"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ddb3ef8f463eab1 Filesystem access.
pkgs/python/[email protected]/src/crewai/knowledge/source/csv_knowledge_source.py:17
            with open(file_path, "r", encoding="utf-8") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acb0207260d98744 Filesystem access.
pkgs/python/[email protected]/src/crewai/knowledge/source/json_knowledge_source.py:18
            with open(path, "r", encoding="utf-8") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4cdd683932dc4b5 Filesystem access.
pkgs/python/[email protected]/src/crewai/knowledge/source/text_file_knowledge_source.py:17
            with open(path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ddf56ccf091d1e6 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llm.py:2484
            success_callbacks_str = os.environ.get("LITELLM_SUCCESS_CALLBACKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a47b1e459c9760a1 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llm.py:2491
            failure_callbacks_str = os.environ.get("LITELLM_FAILURE_CALLBACKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d5ecf6ee40eb9fa Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/anthropic/completion.py:256
            self.api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b3754f9996d7024 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/azure/completion.py:122
        data["api_key"] = data.get("api_key") or os.getenv("AZURE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d5364a67e50d827 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/azure/completion.py:125
            or os.getenv("AZURE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbaf479ff35cec66 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/azure/completion.py:126
            or os.getenv("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e71adb5623e676a0 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/azure/completion.py:127
            or os.getenv("AZURE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd28476ca4d936f2 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/azure/completion.py:130
            data.get("api_version") or os.getenv("AZURE_API_VERSION") or "2024-06-01"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16bb5a645fc4d2c2 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/azure/completion.py:164
        raw = os.getenv("AZURE_CREDENTIAL_SCOPES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d03e79d68175171 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/azure/completion.py:271
            self.api_key = os.getenv("AZURE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d829153a058491b Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/azure/completion.py:274
                os.getenv("AZURE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e3d057cb5f92b47 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/azure/completion.py:275
                or os.getenv("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af91bad3cd7e4331 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/azure/completion.py:276
                or os.getenv("AZURE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9d107c75b3f003a Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/bedrock/completion.py:275
        data["aws_access_key_id"] = data.get("aws_access_key_id") or os.getenv(
            "AWS_ACCESS_KEY_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f1bfa62de80c3e Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/bedrock/completion.py:278
        data["aws_secret_access_key"] = data.get("aws_secret_access_key") or os.getenv(
            "AWS_SECRET_ACCESS_KEY"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e763340b69d6b48b Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/bedrock/completion.py:281
        data["aws_session_token"] = data.get("aws_session_token") or os.getenv(
            "AWS_SESSION_TOKEN"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67a4fb79de74a1d1 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/bedrock/completion.py:286
            or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7d80eb8ea4a64ad Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/bedrock/completion.py:287
            or os.getenv("AWS_REGION_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b56f12360ba1dcd Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/gemini/completion.py:84
            or os.getenv("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a465e903e535e34b Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/gemini/completion.py:85
            or os.getenv("GEMINI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53e745f006b2b782 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/gemini/completion.py:87
        data["project"] = data.get("project") or os.getenv("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77870c803b7973e3 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/gemini/completion.py:89
            data.get("location") or os.getenv("GOOGLE_CLOUD_LOCATION") or "us-central1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4da45631956b066 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/gemini/completion.py:94
            use_vx = os.getenv("GOOGLE_GENAI_USE_VERTEXAI", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb330e744b607126 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/gemini/completion.py:133
                self.api_key = os.getenv("GOOGLE_API_KEY") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #591f4d055db58161 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/gemini/completion.py:133
                self.api_key = os.getenv("GOOGLE_API_KEY") or os.getenv(
                    "GEMINI_API_KEY"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #339a12936c18cc37 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/gemini/completion.py:137
                self.project = os.getenv("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afaa494c39d1fc55 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/openai/completion.py:250
        data["api_key"] = data.get("api_key") or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ac2c792f4a808f8 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/openai/completion.py:364
            self.api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96c9728638c204d3 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/openai/completion.py:374
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b79906ec342ce33 Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/openai_compatible/completion.py:189
        env_key = os.getenv(config.api_key_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e7f03db995cb0fc Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/openai_compatible/completion.py:220
            env_value = os.getenv(config.base_url_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #020dcc2652fb762d Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/snowflake/completion.py:93
                token = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58ba6ba9b84d9dfa Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/snowflake/completion.py:114
        account_url = data.get("account_url") or os.getenv("SNOWFLAKE_ACCOUNT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e607eb83f657e9fc Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/snowflake/completion.py:122
            or os.getenv("SNOWFLAKE_ACCOUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e926dca8336165cc Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/snowflake/completion.py:123
            or os.getenv("SNOWFLAKE_ACCOUNT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c5e6e462dc28a1a Environment-variable access.
pkgs/python/[email protected]/src/crewai/llms/providers/snowflake/completion.py:124
            or os.getenv("SNOWFLAKE_ACCOUNT_IDENTIFIER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26cc0ccb0612a4f7 Environment-variable access.
pkgs/python/[email protected]/src/crewai/memory/storage/lancedb_storage.py:68
            storage_dir = os.environ.get("CREWAI_STORAGE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #248627bb5d042798 Environment-variable access.
pkgs/python/[email protected]/src/crewai/memory/storage/qdrant_edge_storage.py:104
            storage_dir = os.environ.get("CREWAI_STORAGE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f53ad7b12a1b224c Filesystem access.
pkgs/python/[email protected]/src/crewai/project/crew_base.py:391
        with open(config_path, encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70910e4a1b40f729 Filesystem access.
pkgs/python/[email protected]/src/crewai/project/json_loader.py:209
    return parse_jsonc(path.read_text(encoding="utf-8"), source=path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #031ea55ad342c6c0 Environment-variable access.
pkgs/python/[email protected]/src/crewai/rag/chromadb/config.py:61
            api_key=os.getenv("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c7850fc1376bb3d Filesystem access.
pkgs/python/[email protected]/src/crewai/skills/parser.py:89
    content = path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ebaf74a278004f8 Filesystem access.
pkgs/python/[email protected]/src/crewai/state/provider/json_provider.py:66
        with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfee749526e199a5 Filesystem access.
pkgs/python/[email protected]/src/crewai/state/provider/json_provider.py:132
        return Path(location).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c1ee3ab2a222b34 Filesystem access.
pkgs/python/[email protected]/src/crewai/state/provider/utils.py:29
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e08b887213371f33 Environment-variable access.
pkgs/python/[email protected]/src/crewai/telemetry/telemetry.py:151
            os.getenv("OTEL_SDK_DISABLED", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edc258e15b79677a Environment-variable access.
pkgs/python/[email protected]/src/crewai/telemetry/telemetry.py:152
            or os.getenv("CREWAI_DISABLE_TELEMETRY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaa904c7a41557c2 Environment-variable access.
pkgs/python/[email protected]/src/crewai/telemetry/telemetry.py:153
            or os.getenv("CREWAI_DISABLE_TRACKING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdcd3f518d07c95e Environment-variable access.
pkgs/python/[email protected]/src/crewai/types/callback.py:27
    raw = os.environ.get("CREWAI_DESERIALIZE_CALLBACKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a16f0628b992dfff Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/env.py:20
    return any(os.environ.get(var) for var in CODEX_ENV_VARS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25a7118b94c4921b Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/env.py:24
    return any(os.environ.get(var) for var in CURSOR_ENV_VARS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1137cf32facc7c86 Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/env.py:32
    if os.environ.get(CC_ENV_VAR):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ae63314e2e2fe99 Filesystem access.
pkgs/python/[email protected]/src/crewai/utilities/file_handler.py:94
                        with open(self._path, encoding="utf-8") as read_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff47d4df33bf695c Filesystem access.
pkgs/python/[email protected]/src/crewai/utilities/file_handler.py:100
                    with open(self._path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30141c3106108327 Filesystem access.
pkgs/python/[email protected]/src/crewai/utilities/file_handler.py:112
                    with open(self._path, "a", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d4184b65a8868cd Filesystem access.
pkgs/python/[email protected]/src/crewai/utilities/file_handler.py:151
            with open(self.file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eb107973aed4f84 Filesystem access.
pkgs/python/[email protected]/src/crewai/utilities/file_handler.py:165
                with open(self.file_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0dc6dcc976e450c Filesystem access.
pkgs/python/[email protected]/src/crewai/utilities/i18n.py:38
                with open(self.prompt_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8216c61ed5e4007 Filesystem access.
pkgs/python/[email protected]/src/crewai/utilities/i18n.py:44
                with open(prompts_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee766794d70a438c Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/llm_utils.py:104
        os.environ.get("MODEL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08555bb7ecad83dc Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/llm_utils.py:105
        or os.environ.get("MODEL_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90290829f26f5c0f Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/llm_utils.py:106
        or os.environ.get("OPENAI_MODEL_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #233ec22dabf9ee0d Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/llm_utils.py:130
        os.environ.get("BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da5e648b998d99b6 Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/llm_utils.py:131
        or os.environ.get("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #966542d877ceaf9c Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/llm_utils.py:132
        or os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c5c9d92861002d9 Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/llm_utils.py:135
    api_base = os.environ.get("API_BASE") or os.environ.get("AZURE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4de920ec794e740 Environment-variable access.
pkgs/python/[email protected]/src/crewai/utilities/llm_utils.py:178
                    env_value = os.environ.get(key_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

e2b

python dependency
high pii_flow dependency Excluded from app score #5e89f609f54f058f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/api/__init__.py:65 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/api/__init__.py:66 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/api/__init__.py:65
limits = Limits(
    max_keepalive_connections=int(os.getenv("E2B_MAX_KEEPALIVE_CONNECTIONS", "20")),
    max_connections=int(os.getenv("E2B_MAX_CONNECTIONS", "2000")),
    keepalive_expiry=int(os.getenv("E2B_KEEPALIVE_EXPIRY", "300")),
)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #ac3dc48704f4ab28 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/api/client/client.py:232 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/api/client/client.py:230 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/api/client/client.py:232
            self._client = httpx.Client(
                base_url=self._base_url,
                cookies=self._cookies,
                headers=self._headers,
                timeout=self._timeout,
                verify=self._verify_ssl,
                follow_redirects=self._follow_redirects,
                **self._httpx_args,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #35a8332694c0db92 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/api/client/client.py:268 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/api/client/client.py:266 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/api/client/client.py:268
            self._async_client = httpx.AsyncClient(
                base_url=self._base_url,
                cookies=self._cookies,
                headers=self._headers,
                timeout=self._timeout,
                verify=self._verify_ssl,
                follow_redirects=self._follow_redirects,
                **self._httpx_args,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #e4cb311d6ca3d6d4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/volume/client/client.py:232 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/volume/client/client.py:230 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/volume/client/client.py:232
            self._client = httpx.Client(
                base_url=self._base_url,
                cookies=self._cookies,
                headers=self._headers,
                timeout=self._timeout,
                verify=self._verify_ssl,
                follow_redirects=self._follow_redirects,
                **self._httpx_args,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #c7e8f5ee485ab1fd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/volume/client/client.py:268 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/volume/client/client.py:266 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/volume/client/client.py:268
            self._async_client = httpx.AsyncClient(
                base_url=self._base_url,
                cookies=self._cookies,
                headers=self._headers,
                timeout=self._timeout,
                verify=self._verify_ssl,
                follow_redirects=self._follow_redirects,
                **self._httpx_args,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #dc4578a3261dbaa3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/volume/client_async/__init__.py:16 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/volume/client_async/__init__.py:17 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/volume/client_async/__init__.py:16
limits = Limits(
    max_keepalive_connections=int(os.getenv("E2B_MAX_KEEPALIVE_CONNECTIONS", "20")),
    max_connections=int(os.getenv("E2B_MAX_CONNECTIONS", "2000")),
    keepalive_expiry=int(os.getenv("E2B_KEEPALIVE_EXPIRY", "300")),
)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #d4917d2d1d16a093 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/e2b/volume/client_sync/__init__.py:15 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/volume/client_sync/__init__.py:16 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/e2b/volume/client_sync/__init__.py:15
limits = Limits(
    max_keepalive_connections=int(os.getenv("E2B_MAX_KEEPALIVE_CONNECTIONS", "20")),
    max_connections=int(os.getenv("E2B_MAX_CONNECTIONS", "2000")),
    keepalive_expiry=int(os.getenv("E2B_KEEPALIVE_EXPIRY", "300")),
)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 25 low-confidence finding(s)
low env_fs dependency Excluded from app score #b7309a1f90a102e0 Environment-variable access.
pkgs/python/[email protected]/e2b/api/__init__.py:66
    max_keepalive_connections=int(os.getenv("E2B_MAX_KEEPALIVE_CONNECTIONS", "20")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c33339a935428c40 Environment-variable access.
pkgs/python/[email protected]/e2b/api/__init__.py:67
    max_connections=int(os.getenv("E2B_MAX_CONNECTIONS", "2000")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fae2c8909ba74738 Environment-variable access.
pkgs/python/[email protected]/e2b/api/__init__.py:68
    keepalive_expiry=int(os.getenv("E2B_KEEPALIVE_EXPIRY", "300")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d16309ece4888f1 Environment-variable access.
pkgs/python/[email protected]/e2b/api/__init__.py:71
connection_retries = int(os.getenv("E2B_CONNECTION_RETRIES", "3"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1532e455338069ca Environment-variable access.
pkgs/python/[email protected]/e2b/connection_config.py:80
        return os.getenv("E2B_DOMAIN") or "e2b.app"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8919089941f51877 Environment-variable access.
pkgs/python/[email protected]/e2b/connection_config.py:84
        return os.getenv("E2B_DEBUG", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17ff7c3e20762cc8 Environment-variable access.
pkgs/python/[email protected]/e2b/connection_config.py:88
        return os.getenv("E2B_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82efb926ca83d578 Environment-variable access.
pkgs/python/[email protected]/e2b/connection_config.py:92
        return os.getenv("E2B_VALIDATE_API_KEY", "true").lower() != "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #286477bf61322d33 Environment-variable access.
pkgs/python/[email protected]/e2b/connection_config.py:96
        return os.getenv("E2B_API_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5feb1ee60f710a59 Environment-variable access.
pkgs/python/[email protected]/e2b/connection_config.py:100
        return os.getenv("E2B_SANDBOX_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f404897ab50b8de Environment-variable access.
pkgs/python/[email protected]/e2b/connection_config.py:104
        return os.getenv("E2B_ACCESS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b3d7420656b7312 Filesystem access.
pkgs/python/[email protected]/e2b/template/dockerfile_parser.py:71
        with open(dockerfile_content_or_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a07afc8efe1aa79e Filesystem access.
pkgs/python/[email protected]/e2b/template/dockerfile_parser.py:81
        with open(dockerfile_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90b9d50945c371f5 Filesystem access.
pkgs/python/[email protected]/e2b/template/utils.py:117
    with open(dockerignore_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae8b75bc8de3daa1 Filesystem access.
pkgs/python/[email protected]/e2b/template/utils.py:251
            with open(file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcde06c7815b9a4b Filesystem access.
pkgs/python/[email protected]/e2b/template/utils.py:421
        with open(
            os.path.join(context_path, path_or_content), "r", encoding="utf-8"
        ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7dde7f0ab7abe3f Environment-variable access.
pkgs/python/[email protected]/e2b/volume/client_async/__init__.py:17
    max_keepalive_connections=int(os.getenv("E2B_MAX_KEEPALIVE_CONNECTIONS", "20")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #407a2380c1ee2dd6 Environment-variable access.
pkgs/python/[email protected]/e2b/volume/client_async/__init__.py:18
    max_connections=int(os.getenv("E2B_MAX_CONNECTIONS", "2000")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77dce54d2e965824 Environment-variable access.
pkgs/python/[email protected]/e2b/volume/client_async/__init__.py:19
    keepalive_expiry=int(os.getenv("E2B_KEEPALIVE_EXPIRY", "300")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32ef2900d526a48c Environment-variable access.
pkgs/python/[email protected]/e2b/volume/client_sync/__init__.py:16
    max_keepalive_connections=int(os.getenv("E2B_MAX_KEEPALIVE_CONNECTIONS", "20")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dd84c1bebde9ff3 Environment-variable access.
pkgs/python/[email protected]/e2b/volume/client_sync/__init__.py:17
    max_connections=int(os.getenv("E2B_MAX_CONNECTIONS", "2000")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #842a1af807f28d9d Environment-variable access.
pkgs/python/[email protected]/e2b/volume/client_sync/__init__.py:18
    keepalive_expiry=int(os.getenv("E2B_KEEPALIVE_EXPIRY", "300")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ce7f37453818a52 Environment-variable access.
pkgs/python/[email protected]/e2b/volume/connection_config.py:58
        return os.getenv("E2B_DOMAIN") or "e2b.app"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e33f473cfe1282a3 Environment-variable access.
pkgs/python/[email protected]/e2b/volume/connection_config.py:62
        return os.getenv("E2B_DEBUG", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e20682f73ab89710 Environment-variable access.
pkgs/python/[email protected]/e2b/volume/connection_config.py:66
        return os.getenv("E2B_VOLUME_API_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

firecrawl-py

python dependency
high pii_flow tooling reachable #70213c0c98a4a288 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:20 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:10 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:20
    resp = requests.post(idmux_url + "/", json=payload)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #01f6715cbac71a0b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:687 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:689 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:687
        response = requests.post(
            f"{self.api_url}/v1/search",
            headers={"Authorization": f"Bearer {self.api_key}"},
            json=params_dict
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #d0dc9508076cdc39 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:1253 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:1255 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:1253
        response = requests.post(
            f"{self.api_url}/v1/map",
            headers={"Authorization": f"Bearer {self.api_key}"},
            json=params_dict
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #839bc5fa8de72869 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/firecrawl/v1/client.py:765 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/firecrawl/v1/client.py:767 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/firecrawl/v1/client.py:765
        response = requests.post(
            f"{self.api_url}/v1/search",
            headers={"Authorization": f"Bearer {self.api_key}"},
            json=params_dict
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #6d26d16257374e17 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/firecrawl/v1/client.py:1418 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/firecrawl/v1/client.py:1420 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/firecrawl/v1/client.py:1418
        response = requests.post(
            f"{self.api_url}/v1/map",
            headers={"Authorization": f"Bearer {self.api_key}"},
            json=params_dict
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 115 low-confidence finding(s)
low env_fs dependency Excluded from app score #edd6dbf1bff938f1 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__init__.py:52
    if not (env := os.getenv("FIRECRAWL_LOGGING_LEVEL", "").upper()):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #15de169c14126ccb Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/conftest.py:38
    missing_vars = [var for var in required_vars if not os.getenv(var)]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #65511ac1065e24c4 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/conftest.py:49
    key = os.getenv("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a7ddb8acbf9e0529 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/conftest.py:58
    url = os.getenv("API_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3ef79010c4120f0d Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:11
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #17250add76de58a4 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:14
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #27fc86c6b5cdcebb Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:20
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ff04dd1dad729876 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:35
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #678d232f2ac9efea Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:80
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8455e268f9dc039d Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:87
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #10bffd5783591a3d Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:94
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a3089f47ca88b8a3 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:105
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d1eb58410c9b67c0 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:113
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #431d8bba49484507 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:121
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3026f65deedcd7f0 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:129
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #95cb34fd5a7b5bd6 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:138
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b5f99c465947869e Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:146
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #648dd839a1ffa0f0 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:156
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #53a93ed996354934 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:163
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #af71d157b032a6f0 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_crawl.py:175
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #dafc6aa45ace2fce Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_extract.py:9
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6cc7f814885e5531 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_extract.py:12
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #dc32f98dad6f55bd Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_extract.py:18
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #884cbae50c91cc08 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_extract.py:25
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8b3fae3b95a285b2 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_map.py:9
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c7ea3918367eeda2 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_map.py:12
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #253a7e5fe9827e78 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_map.py:18
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #06c8cb8f01cca2c4 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_map.py:29
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3ec296b7bc71e5ba Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_parse.py:8
API_KEY = (os.getenv("API_KEY") or "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7ef2b5639ade7e99 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_parse.py:9
API_URL = (os.getenv("API_URL") or "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #39745c36e0a24e3f Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_scrape.py:10
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #75b9f78dcb8db559 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_scrape.py:13
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e4f0159057878387 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_scrape.py:19
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4bb3ae558f06d13d Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_scrape.py:35
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #00f2f9f9d4fe3071 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_scrape.py:74
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4a36e94867fc0e00 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_scrape.py:86
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fd992ce6be6a247c Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_scrape.py:104
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f32be0c4c87bd419 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_scrape.py:123
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ad94478e5b98ac8c Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_scrape.py:135
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c025adebdf3f6f72 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_search.py:17
firecrawl = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9268e73ab784c003 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_usage.py:9
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4905ee3e93b97033 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_usage.py:12
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #101768f6871c5abe Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_usage.py:18
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #09dd8c104947d948 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_usage.py:25
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f91dfb43bb1a9329 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_usage.py:32
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3cf7b4099f32cae4 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_usage.py:39
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0c69e5bad63512fc Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_watcher.py:11
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #db8690f0b0f96fd1 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_watcher.py:14
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0e32af71f1ce8888 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_watcher.py:20
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0a53b6eb4d166473 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/aio/test_aio_watcher.py:32
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2a261649707db175 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:10
    idmux_url = os.getenv("IDMUX_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e499c9c9dddf8867 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:13
    run_number = int(os.getenv("GITHUB_RUN_NUMBER") or 0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #01cf73eb96ec095c Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:15
        "refName": os.getenv("GITHUB_REF_NAME") or "local",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #940677d073050242 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:28
        os.getenv("TEST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #22c14e3dfdb43422 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:29
        or os.getenv("FIRECRAWL_API_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #aaed40f584849120 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:30
        or os.getenv("API_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b1336c113ff59172 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:37
    os.getenv("TEST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1d4be79a325742c9 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:38
    or os.getenv("FIRECRAWL_API_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #451d11895f55e0cf Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:39
    or os.getenv("API_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3759e34833d5eb99 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:43
_IDMUX_URL = os.getenv("IDMUX_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a298bc2010d5060d Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:45
    run_name = os.getenv("PYTEST_RUN_NAME") or "py-e2e"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #699c49419e7f2e9f Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:48
    os.environ["API_KEY"] = _IDENTITY.get("apiKey", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #40d70baa6410824b Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:49
    os.environ["API_URL"] = _API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ea4edf3c9208e52f Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/conftest.py:53
    return _IDENTITY or {"apiKey": os.getenv("API_KEY") or "", "teamId": os.getenv("TEST_TEAM_ID") or os.getenv("TEAM_ID") or ""}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ef8df51e9a08c693 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_async.py:12
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #427054763b43cd8f Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_async.py:15
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #47cd4b180bcba213 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_async.py:21
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4c67340ef8182574 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_async.py:30
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3e155e7dda591502 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_async.py:46
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #00396a0b77d79ac8 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_async.py:64
    client = AsyncFirecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5897b1797bd0caf2 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_batch_scrape.py:10
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #523e1dbfef8fe9a0 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_batch_scrape.py:13
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0a69c16bb4714f0a Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_batch_scrape.py:21
        self.client = Firecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9e441840fb1764c0 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_crawl.py:10
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3921daa0af98bfbc Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_crawl.py:13
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c6d0b37b1a3d39fa Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_crawl.py:21
        self.client = Firecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #70dff1591ef55643 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_extract.py:7
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #72b57ebf4ca712be Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_extract.py:10
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d6aef65c781925ca Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_extract.py:18
        self.client = Firecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7a849700f3d51c96 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_map.py:8
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2362f1d33ab15743 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_map.py:11
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b18503bac61f009e Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_map.py:22
        self.client = Firecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f1f5a4fe8d63874f Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_parse.py:8
API_KEY = (os.getenv("API_KEY") or "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bcbdafbe65e22970 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_parse.py:9
API_URL = (os.getenv("API_URL") or "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b6297b56a62f1414 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_scrape.py:11
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #afd0fefa41816b36 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_scrape.py:14
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3347ac101393d248 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_scrape.py:22
        self.client = Firecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #37858c9e49f2c5de Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_search.py:8
firecrawl = Firecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #19225d6a7c256265 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_usage.py:11
        self.client = Firecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cec7bf15c76c3e8e Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_watcher.py:8
if not os.getenv("API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #662043d78aa18c25 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_watcher.py:11
if not os.getenv("API_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c5d453930ccf98d2 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/e2e/v2/test_watcher.py:18
        self.client = Firecrawl(api_key=os.getenv("API_KEY"), api_url=os.getenv("API_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #676e172b27a0293f Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/test_recursive_schema_v1.py:14
        self.app = V1FirecrawlApp(api_key=os.environ.get('TEST_API_KEY', 'test-key'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7fddd6ded5e07c61 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/test_recursive_schema_v1.py:96
        self.app = V1FirecrawlApp(api_key=os.environ.get('TEST_API_KEY', 'test-key'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9c100c43c286d14a Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/test_recursive_schema_v1.py:169
        self.app = V1FirecrawlApp(api_key=os.environ.get('TEST_API_KEY', 'test-key'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ad431f2c61423ad1 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/test_recursive_schema_v1.py:306
        self.app = V1FirecrawlApp(api_key=os.environ.get('TEST_API_KEY', 'test-key'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1c8222ed20a8cb1f Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/test_recursive_schema_v1.py:434
        self.app = V1FirecrawlApp(api_key=os.environ.get('TEST_API_KEY', 'test-key'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5b7d0f2b24d883fe Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/test_recursive_schema_v1.py:523
        self.app = V1FirecrawlApp(api_key=os.environ.get('TEST_API_KEY', 'test-key'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f1c84095089857fa Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/test_recursive_schema_v1.py:594
        self.app = V1FirecrawlApp(api_key=os.environ.get('TEST_API_KEY', 'test-key'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f8154b3c20295a95 Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/test_recursive_schema_v1.py:638
        self.app = V1FirecrawlApp(api_key=os.environ.get('TEST_API_KEY', 'test-key'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #35f846d50ed7aedc Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/test_recursive_schema_v1.py:750
        self.app = V1FirecrawlApp(api_key=os.environ.get('TEST_API_KEY', 'test-key'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5d73037ae6496e0c Environment-variable access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/test_recursive_schema_v1.py:839
        self.app = V1FirecrawlApp(api_key=os.environ.get('TEST_API_KEY', 'test-key'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4148ef1b24c8cbd5 Filesystem access.
pkgs/python/[email protected]/firecrawl/__tests__/unit/v2/methods/test_parse_request_preparation.py:41
        file_path.write_text("<html><body>Path Upload</body></html>")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #885a037da98a6aa7 Filesystem access.
pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:32
      version_file = Path(os.path.join(package_path, '__init__.py')).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38407ffa09187bf7 Environment-variable access.
pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:447
        self.api_key = api_key or os.getenv('FIRECRAWL_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dab67dca2ad09574 Environment-variable access.
pkgs/python/[email protected]/firecrawl/firecrawl.backup.py:448
        self.api_url = api_url or os.getenv('FIRECRAWL_API_URL', 'https://api.firecrawl.dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47a6a40b14669191 Filesystem access.
pkgs/python/[email protected]/firecrawl/v1/client.py:33
      version_file = Path(os.path.join(package_path, '__init__.py')).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b299b013253a0c0 Environment-variable access.
pkgs/python/[email protected]/firecrawl/v1/client.py:529
        self.api_key = api_key or os.getenv('FIRECRAWL_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d740f86f3d2aff11 Environment-variable access.
pkgs/python/[email protected]/firecrawl/v1/client.py:530
        self.api_url = api_url or os.getenv('FIRECRAWL_API_URL', 'https://api.firecrawl.dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eafbd14336edfc1 Environment-variable access.
pkgs/python/[email protected]/firecrawl/v2/client.py:115
            api_key = os.getenv("FIRECRAWL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a24c1179ccc99495 Environment-variable access.
pkgs/python/[email protected]/firecrawl/v2/client_async.py:83
            api_key = os.getenv("FIRECRAWL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d72e1b6a8d993715 Filesystem access.
pkgs/python/[email protected]/firecrawl/v2/methods/parse.py:91
        file_bytes = file_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #109a9700e407beae Filesystem access.
pkgs/python/[email protected]/firecrawl/v2/utils/get_version.py:8
        version_file = (package_path / "__init__.py").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2834779764a71f1f Filesystem access.
pkgs/python/[email protected]/setup.py:7
long_description_content = (this_directory / "README.md").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4627fa0d20eb871 Filesystem access.
pkgs/python/[email protected]/setup.py:12
    version_file = (this_directory / "firecrawl" / "__init__.py").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mem0ai

python dependency
high pii_flow dependency Excluded from app score #a28c1a59eaf58422 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/mem0/client/main.py:128 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/mem0/client/main.py:105 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/mem0/client/main.py:128
            self.client = httpx.Client(
                base_url=self.host,
                headers={
                    "Authorization": f"Token {self.api_key}",
                    "Mem0-User-ID": self.user_id,
                },
                timeout=300,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #5a6b5fe37e9f881b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/mem0/client/main.py:1015 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/mem0/client/main.py:992 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/mem0/client/main.py:1015
            self.async_client = httpx.AsyncClient(
                base_url=self.host,
                headers={
                    "Authorization": f"Token {self.api_key}",
                    "Mem0-User-ID": self.user_id,
                },
                timeout=300,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #04ea395765af2462 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/mem0/client/main.py:1041 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/mem0/client/main.py:1044 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/mem0/client/main.py:1041
            response = requests.get(
                f"{self.host}/v1/ping/",
                headers={
                    "Authorization": f"Token {self.api_key}",
                    "Mem0-User-ID": self.user_id,
                },
                params=params,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #ef6b974dc5812806 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/mem0/llms/sarvam.py:81 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/mem0/llms/sarvam.py:47 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/mem0/llms/sarvam.py:81
            response = requests.post(url, headers=headers, json=params, timeout=30)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry dependency Excluded from app score #e5a4b0f0523604bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/mem0/memory/telemetry.py:9
from posthog import Posthog

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 78 low-confidence finding(s)
low env_fs dependency Excluded from app score #67ad1a1ced588a74 Environment-variable access.
pkgs/python/[email protected]/mem0/client/main.py:105
        self.api_key = api_key or os.getenv("MEM0_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cd09537255d8d2e Environment-variable access.
pkgs/python/[email protected]/mem0/client/main.py:992
        self.api_key = api_key or os.getenv("MEM0_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a31ab3320b9488d Environment-variable access.
pkgs/python/[email protected]/mem0/configs/base.py:13
mem0_dir = os.environ.get("MEM0_DIR") or os.path.join(home_dir, ".mem0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf2305a06f4da55f Environment-variable access.
pkgs/python/[email protected]/mem0/configs/embeddings/base.py:111
        self.aws_region = aws_region or os.environ.get("AWS_REGION") or "us-west-2"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97ed6cdc167c76bc Environment-variable access.
pkgs/python/[email protected]/mem0/configs/llms/aws_bedrock.py:58
        self.aws_region = aws_region or os.getenv("AWS_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1aefd439a6048aa Environment-variable access.
pkgs/python/[email protected]/mem0/configs/llms/aws_bedrock.py:101
            config["aws_access_key_id"] = self.aws_access_key_id or os.getenv("AWS_ACCESS_KEY_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a55957e7fc8c1f58 Environment-variable access.
pkgs/python/[email protected]/mem0/configs/llms/aws_bedrock.py:104
            config["aws_secret_access_key"] = self.aws_secret_access_key or os.getenv("AWS_SECRET_ACCESS_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90cb12d9900d7d86 Environment-variable access.
pkgs/python/[email protected]/mem0/configs/llms/aws_bedrock.py:107
            config["aws_session_token"] = self.aws_session_token or os.getenv("AWS_SESSION_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8eb670ae8ec3769d Environment-variable access.
pkgs/python/[email protected]/mem0/configs/llms/aws_bedrock.py:110
            config["profile_name"] = self.aws_profile or os.getenv("AWS_PROFILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ed9c85b4f1d4b23 Environment-variable access.
pkgs/python/[email protected]/mem0/configs/llms/gemini.py:61
            vertexai = os.getenv("GOOGLE_GENAI_USE_VERTEXAI", "").lower() in ("true", "1", "yes")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a325d5d9226e8df8 Environment-variable access.
pkgs/python/[email protected]/mem0/configs/llms/gemini.py:63
        self.project = project or os.getenv("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57f5033fed929ca2 Environment-variable access.
pkgs/python/[email protected]/mem0/configs/llms/gemini.py:64
        self.location = location or os.getenv("GOOGLE_CLOUD_LOCATION", "us-central1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f832d2120be12bf1 Environment-variable access.
pkgs/python/[email protected]/mem0/configs/vector_stores/pinecone.py:27
        if not api_key and not client and "PINECONE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ea55fe3952d5411 Environment-variable access.
pkgs/python/[email protected]/mem0/configs/vector_stores/turbopuffer.py:26
        if not api_key and "TURBOPUFFER_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29275d9c824d55bc Environment-variable access.
pkgs/python/[email protected]/mem0/configs/vector_stores/upstash_vector.py:27
        url = values.get("url") or os.environ.get("UPSTASH_VECTOR_REST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acba10d5c28d12aa Environment-variable access.
pkgs/python/[email protected]/mem0/configs/vector_stores/upstash_vector.py:28
        token = values.get("token") or os.environ.get("UPSTASH_VECTOR_REST_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d70ff1eae0cab2fe Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/aws_bedrock.py:28
        aws_access_key = os.environ.get("AWS_ACCESS_KEY_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7efa09266ceb7f4 Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/aws_bedrock.py:29
        aws_secret_key = os.environ.get("AWS_SECRET_ACCESS_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e9df76c3bd51f9b Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/aws_bedrock.py:30
        aws_session_token = os.environ.get("AWS_SESSION_TOKEN", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b1e78cdf70235a7 Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/azure_openai.py:17
        api_key = self.config.azure_kwargs.api_key or os.getenv("EMBEDDING_AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d9a5c12bc78afbd Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/azure_openai.py:18
        azure_deployment = self.config.azure_kwargs.azure_deployment or os.getenv("EMBEDDING_AZURE_DEPLOYMENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11c3d0d0f28b9808 Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/azure_openai.py:19
        azure_endpoint = self.config.azure_kwargs.azure_endpoint or os.getenv("EMBEDDING_AZURE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #896f97fa00c629d3 Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/azure_openai.py:20
        api_version = self.config.azure_kwargs.api_version or os.getenv("EMBEDDING_AZURE_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a74f0aedf79214a Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/gemini.py:18
        api_key = self.config.api_key or os.getenv("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02ba33e0324406f0 Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/openai.py:21
        api_key = self.config.api_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf05fe34c48feb60 Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/openai.py:24
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2d656f6eebcbdfa Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/openai.py:25
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29782026c72d8c21 Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/openai.py:28
        if os.environ.get("OPENAI_API_BASE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e252e4978ebac18a Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/together.py:15
        api_key = self.config.api_key or os.getenv("TOGETHER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e858dd600da4173 Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/vertexai.py:36
                os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = credentials_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bb5240ff6b79b58 Environment-variable access.
pkgs/python/[email protected]/mem0/embeddings/vertexai.py:37
            elif not os.getenv("GOOGLE_APPLICATION_CREDENTIALS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71f3f6833754b18a Environment-variable access.
pkgs/python/[email protected]/mem0/llms/anthropic.py:40
        api_key = self.config.api_key or os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72b844a373254359 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/anthropic.py:41
        base_url = self.config.anthropic_base_url or os.getenv("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9de1e0dda1217bc Environment-variable access.
pkgs/python/[email protected]/mem0/llms/azure_openai.py:46
        api_key = self.config.azure_kwargs.api_key or os.getenv("LLM_AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7f18296038c1627 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/azure_openai.py:47
        azure_deployment = self.config.azure_kwargs.azure_deployment or os.getenv("LLM_AZURE_DEPLOYMENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ef3c75753aea2bd Environment-variable access.
pkgs/python/[email protected]/mem0/llms/azure_openai.py:48
        azure_endpoint = self.config.azure_kwargs.azure_endpoint or os.getenv("LLM_AZURE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d8be14bbbbac74f Environment-variable access.
pkgs/python/[email protected]/mem0/llms/azure_openai.py:49
        api_version = self.config.azure_kwargs.api_version or os.getenv("LLM_AZURE_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b97f40d1564918b9 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/azure_openai_structured.py:24
        api_key = self.config.azure_kwargs.api_key or os.getenv("LLM_AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #302e1eff9eda2d2c Environment-variable access.
pkgs/python/[email protected]/mem0/llms/azure_openai_structured.py:25
        azure_deployment = self.config.azure_kwargs.azure_deployment or os.getenv("LLM_AZURE_DEPLOYMENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e09930a1523cf34e Environment-variable access.
pkgs/python/[email protected]/mem0/llms/azure_openai_structured.py:26
        azure_endpoint = self.config.azure_kwargs.azure_endpoint or os.getenv("LLM_AZURE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72257385fbeff563 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/azure_openai_structured.py:27
        api_version = self.config.azure_kwargs.api_version or os.getenv("LLM_AZURE_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee3b7ea3ca6d9193 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/deepseek.py:39
        api_key = self.config.api_key or os.getenv("DEEPSEEK_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2915b2b535f4c82a Environment-variable access.
pkgs/python/[email protected]/mem0/llms/deepseek.py:40
        base_url = self.config.deepseek_base_url or os.getenv("DEEPSEEK_API_BASE") or "https://api.deepseek.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4447055d80adae26 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/gemini.py:42
            api_key = self.config.api_key or os.getenv("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58c0af2fd2cfff47 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/groq.py:25
        api_key = self.config.api_key or os.getenv("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db91fd0ea21402aa Environment-variable access.
pkgs/python/[email protected]/mem0/llms/minimax.py:39
        api_key = self.config.api_key or os.getenv("MINIMAX_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63ef05417caff6ff Environment-variable access.
pkgs/python/[email protected]/mem0/llms/minimax.py:42
            or os.getenv("MINIMAX_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afbe7af0ee4a5af9 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/openai.py:42
        if os.environ.get("OPENROUTER_API_KEY"):  # Use OpenRouter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd44528abf8c2e97 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/openai.py:44
                api_key=os.environ.get("OPENROUTER_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c2e40058a2b2935 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/openai.py:46
                or os.getenv("OPENROUTER_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c48fe985b67e168 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/openai.py:50
            api_key = self.config.api_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #783570a360f4497f Environment-variable access.
pkgs/python/[email protected]/mem0/llms/openai.py:51
            base_url = self.config.openai_base_url or os.getenv("OPENAI_BASE_URL") or "https://api.openai.com/v1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #429da79605c8731e Environment-variable access.
pkgs/python/[email protected]/mem0/llms/openai.py:113
        if os.getenv("OPENROUTER_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48d4ea80d57d8b3f Environment-variable access.
pkgs/python/[email protected]/mem0/llms/openai_structured.py:17
        api_key = self.config.api_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ec9043ea6501c80 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/openai_structured.py:18
        base_url = self.config.openai_base_url or os.getenv("OPENAI_API_BASE") or "https://api.openai.com/v1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80db491f036d27c2 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/sarvam.py:19
        self.api_key = self.config.api_key or os.getenv("SARVAM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff47aabaade251d9 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/sarvam.py:28
            getattr(self.config, "sarvam_base_url", None) or os.getenv("SARVAM_API_BASE") or "https://api.sarvam.ai/v1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21dc97c57686bb43 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/together.py:22
        api_key = self.config.api_key or os.getenv("TOGETHER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dba2b4850fee5918 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/vllm.py:39
        self.config.api_key = self.config.api_key or os.getenv("VLLM_API_KEY") or "vllm-api-key"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d66264fd8713157 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/vllm.py:40
        base_url = self.config.vllm_base_url or os.getenv("VLLM_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db5f5ac6f0b02387 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/xai.py:39
        api_key = self.config.api_key or os.getenv("XAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fda5491805f37c2 Environment-variable access.
pkgs/python/[email protected]/mem0/llms/xai.py:40
        base_url = self.config.xai_base_url or os.getenv("XAI_API_BASE") or "https://api.x.ai/v1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9abea278e6fd37f6 Environment-variable access.
pkgs/python/[email protected]/mem0/memory/setup.py:11
mem0_dir = os.environ.get("MEM0_DIR") or os.path.join(home_dir, ".mem0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fe2026130ee8e78 Filesystem access.
pkgs/python/[email protected]/mem0/memory/setup.py:27
        with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c81c9d40c346426d Environment-variable access.
pkgs/python/[email protected]/mem0/memory/telemetry.py:14
MEM0_TELEMETRY = os.environ.get("MEM0_TELEMETRY", "True")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82ec3406f7829068 Environment-variable access.
pkgs/python/[email protected]/mem0/memory/telemetry.py:48
MEM0_TELEMETRY_SAMPLE_RATE = _parse_sample_rate(os.environ.get("MEM0_TELEMETRY_SAMPLE_RATE", str(_DEFAULT_SAMPLE_RATE)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0fba9e46285d9c1 Environment-variable access.
pkgs/python/[email protected]/mem0/reranker/cohere_reranker.py:30
        self.api_key = config.api_key or os.getenv("COHERE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d528283e885033d Environment-variable access.
pkgs/python/[email protected]/mem0/reranker/zero_entropy_reranker.py:30
        self.api_key = config.api_key or os.getenv("ZERO_ENTROPY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7702a28a51944104 Filesystem access.
pkgs/python/[email protected]/mem0/utils/gcp_auth.py:60
            with open(credentials_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03cdba38796a0bcf Environment-variable access.
pkgs/python/[email protected]/mem0/utils/gcp_auth.py:65
        elif os.getenv("GOOGLE_APPLICATION_CREDENTIALS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21c83915864a7acc Environment-variable access.
pkgs/python/[email protected]/mem0/utils/gcp_auth.py:66
            env_path = os.getenv("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51c79e1a1878b129 Filesystem access.
pkgs/python/[email protected]/mem0/utils/gcp_auth.py:72
                with open(env_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #564cd38ecdc1a745 Environment-variable access.
pkgs/python/[email protected]/mem0/utils/gcp_auth.py:126
        final_project_id = project_id or detected_project_id or os.getenv("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bc024f48d917f47 Filesystem access.
pkgs/python/[email protected]/mem0/vector_stores/faiss.py:76
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cacfacf86af18865 Filesystem access.
pkgs/python/[email protected]/mem0/vector_stores/faiss.py:194
                with open(json_docstore_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #214b4187fcf4284c Filesystem access.
pkgs/python/[email protected]/mem0/vector_stores/faiss.py:245
            with open(json_docstore_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3a68d4dfefb2044 Environment-variable access.
pkgs/python/[email protected]/mem0/vector_stores/pinecone.py:61
            api_key = api_key or os.environ.get("PINECONE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78b0960e6a1738e7 Environment-variable access.
pkgs/python/[email protected]/mem0/vector_stores/turbopuffer.py:49
        api_key = api_key or os.environ.get("TURBOPUFFER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

databricks-sdk

python dependency
high pii_flow dependency Excluded from app score #bd3b8005bb9b2ae1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/databricks/sdk/config.py:602 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/databricks/sdk/config.py:600 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/databricks/sdk/config.py:602
            response = requests.get(f"{self.host}/api/2.0/preview/scim/v2/Me", headers=headers)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #ab5662a4e2c6537c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:341 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:340 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:341
    resp = requests.get(
        f"{arm}{cfg.azure_workspace_resource_id}?api-version=2018-04-01",
        headers={"Authorization": f"Bearer {token.access_token}"},
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #79dd134ac0ecfd1d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:23 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:21 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:23
        response = requests.get(endpoint, headers=headers)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 42 low-confidence finding(s)
low env_fs dependency Excluded from app score #5feea2c53c7a0599 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/config.py:565
            if attr.env and os.environ.get(attr.env):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bf3b368d84920ba Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/config.py:569
                    if os.environ.get(alias):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6e2dea557fd1865 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/config.py:731
            value = os.environ.get(attr.env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a600979ded89ddf9 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/config.py:734
                    value = os.environ.get(alias)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d095c64dcb4a886f Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:159
    if "DATABRICKS_RUNTIME_VERSION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37871b31da226c4b Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:203
    if "DATABRICKS_RUNTIME_VERSION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94c7eba494e38d08 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:538
    if "ACTIONS_ID_TOKEN_REQUEST_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c37a6333805dc4c Filesystem access.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:593
        with io.open(cfg.google_credentials, "r", encoding="utf-8") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1202844cdeea6d5 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:1195
        for dir in os.getenv("PATH", default="").split(os.path.pathsep):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d031100fbcdd1150 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:1329
            os.environ.get("IS_IN_DB_MODEL_SERVING_ENV")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f038aafac4893f98 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:1330
            or os.environ.get("IS_IN_DATABRICKS_MODEL_SERVING_ENV")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f37c937f56f8894 Filesystem access.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:1343
            with open(ModelServingAuthProvider._MODEL_DEPENDENCY_OAUTH_TOKEN_FILE_PATH) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f00c2afde981fa0 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/credentials_provider.py:1379
        host = os.environ.get("DATABRICKS_MODEL_SERVING_HOST_URL") or os.environ.get("DB_MODEL_SERVING_HOST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25743b556b469d5e Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/dbutils.py:275
    value = os.getenv("DATABRICKS_SOURCE_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d617cf80b1cbe8b Filesystem access.
pkgs/python/[email protected]/databricks/sdk/mixins/files.py:1165
        with open(destination, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63d044d9a81c47ff Filesystem access.
pkgs/python/[email protected]/databricks/sdk/mixins/files.py:1204
                    with open(temp_file, "r+b") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4df680a044768be Filesystem access.
pkgs/python/[email protected]/databricks/sdk/mixins/files.py:1505
            with open(source_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b1979a2e940d91e Filesystem access.
pkgs/python/[email protected]/databricks/sdk/mixins/files.py:1654
                with open(ctx.source_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecf45795e7681706 Filesystem access.
pkgs/python/[email protected]/databricks/sdk/mixins/files.py:1669
            with open(ctx.source_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8928c489c4b19ebc Filesystem access.
pkgs/python/[email protected]/databricks/sdk/mixins/files.py:1694
        with open(ctx.source_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16a0e4dc41fe1fc1 Filesystem access.
pkgs/python/[email protected]/databricks/sdk/mixins/files.py:1883
                with open(part.ctx.source_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9338fe4ae2a2974d Filesystem access.
pkgs/python/[email protected]/databricks/sdk/oauth.py:980
            with open(self.filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38fd945b17ec4a39 Filesystem access.
pkgs/python/[email protected]/databricks/sdk/oauth.py:997
        with open(self.filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db22b589d109e7a5 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/oidc.py:78
        token = os.getenv(self.env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6be8e9c77bb89ffe Filesystem access.
pkgs/python/[email protected]/databricks/sdk/oidc.py:114
            with open(self.path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f07649a1f3b70929 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:17
        if "ACTIONS_ID_TOKEN_REQUEST_TOKEN" not in os.environ or "ACTIONS_ID_TOKEN_REQUEST_URL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f74034c1c1d1727 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:21
        headers = {"Authorization": f"Bearer {os.environ['ACTIONS_ID_TOKEN_REQUEST_TOKEN']}"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48626023223e3387 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:22
        endpoint = f"{os.environ['ACTIONS_ID_TOKEN_REQUEST_URL']}&audience={audience}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c101940535ff164 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:46
        self.access_token = os.environ.get("SYSTEM_ACCESSTOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cffb063a60e6d8e5 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:47
        self.collection_uri = os.environ.get("SYSTEM_TEAMFOUNDATIONCOLLECTIONURI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b520515f00ec074a Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:48
        self.project_id = os.environ.get("SYSTEM_TEAMPROJECTID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19c32240f178d636 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:49
        self.plan_id = os.environ.get("SYSTEM_PLANID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c10160b33c5d318 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:50
        self.job_id = os.environ.get("SYSTEM_JOBID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f953d993e95d97e Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/oidc_token_supplier.py:51
        self.hub_name = os.environ.get("SYSTEM_HOSTTYPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1444b6df8503be3a Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/useragent.py:119
    product = os.getenv("DATABRICKS_SDK_UPSTREAM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12ea88c64f75b9fb Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/useragent.py:120
    version = os.getenv("DATABRICKS_SDK_UPSTREAM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c83cebe1faf37fbe Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/useragent.py:128
    if "DATABRICKS_RUNTIME_VERSION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #293c2634d202e707 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/useragent.py:129
        runtime_version = os.environ["DATABRICKS_RUNTIME_VERSION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f4af4fa4058bdaf Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/useragent.py:222
            v = os.getenv(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c55acc1b8cc5bd51 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/useragent.py:312
    matches = [a.product for a in _KNOWN_AGENTS if a.env_var in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29abcf1815b679c4 Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/useragent.py:332
    v = os.environ.get("AGENT") or os.environ.get("AI_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d7cba635d89d2ce Environment-variable access.
pkgs/python/[email protected]/databricks/sdk/useragent.py:362
    matches = [h.product for h in _KNOWN_META_HARNESSES if h.env_var in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anthropic

python dependency
high pii_flow dependency Excluded from app score #12afc96a27182bc3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384
            self._owned_http_client = httpx.Client(timeout=TOKEN_EXCHANGE_TIMEOUT)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #662494562550491b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179
            self._http_client = httpx.Client(timeout=TOKEN_EXCHANGE_TIMEOUT)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 90 low-confidence finding(s)
low env_fs tooling reachable #0b11f54c3b76e2da Environment-variable access.
pkgs/python/[email protected]/examples/agents.py:9
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #aec44075ee5d3e38 Environment-variable access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:18
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #adaa9e9114b3ed40 Environment-variable access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:20
    github_token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7381bfa5fe188699 Filesystem access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:47
    with open(skill_md_path, "rb") as skill_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2bfa84a1469ab433 Environment-variable access.
pkgs/python/[email protected]/examples/agents_with_files.py:10
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e4e6675beeead778 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-observe-tool-calls.py:46
    val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3314d5eaa380b9c8 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-observe-tool-calls.py:64
    workdir = os.environ.get("ANTHROPIC_WORKDIR", ".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8e35768b3cfe8cb0 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-self-hosted-sandbox-worker.py:48
    val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #542bec9c3403387d Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-self-hosted-sandbox-worker.py:60
    workdir = os.environ.get("ANTHROPIC_WORKDIR", ".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c66240b0b36d0855 Environment-variable access.
pkgs/python/[email protected]/examples/workload_identity.py:70
        identity_token_provider=lambda: os.environ["ANTHROPIC_IDENTITY_TOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f0a4c0963cde4d2 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:107
    if api_key is not None and os.environ.get("ANTHROPIC_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae32f2b938308fb0 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:109
    if auth_token is not None and os.environ.get("ANTHROPIC_AUTH_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e6b0f291e01aa63 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:214
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f7adc9ecd1a3a25 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:215
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2318177b13b71012 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:221
            webhook_key = os.environ.get("ANTHROPIC_WEBHOOK_SIGNING_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cc94b116cf1ecd8 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:225
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22453f29f38086cf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:234
        custom_headers_env = os.environ.get("ANTHROPIC_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51b2e130ee640abf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:631
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a55b1f84a5efdea Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:632
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64a72c72b45293fa Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:638
            webhook_key = os.environ.get("ANTHROPIC_WEBHOOK_SIGNING_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff775fa4410fc9c5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:642
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f60bdd8f38b64e1a Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:651
        custom_headers_env = os.environ.get("ANTHROPIC_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4d0cec3f1033b25 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a27ec17873fa83e3 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #724ef8efdf1d1e4f Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e0234a76f9a9c50 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8a6633f99b70b3b Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:464
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b3391898d4a6c89 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:477
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #850ca6fa53230bbe Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f649cdf4bf51069 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:537
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df9c7fadfcf00b0e Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:579
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41f4680b2f38f53a Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_utils/_logs.py:17
    env = os.environ.get("ANTHROPIC_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0afb6516dc81e96 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:250
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d438b6975ed37722 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:418
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94fbc3be7b0a3091 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04aee4345eae984b Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:25
        files.append((path.relative_to(relative_to).as_posix(), path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b38ebf433b7d6e4 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:42
        files.append((path.relative_to(relative_to).as_posix(), await path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df006ee3154c55ca Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/aws/_credentials.py:25
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e4fe2fb37b6f022 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/aws/_credentials.py:90
    return os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f94e9a43926caad Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:77
    aws_region = os.environ.get("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99f6fc0d4b25fea3 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:165
            api_key = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ac9cf92e4edbe90 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:190
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f184e7c8e1c511c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:345
            api_key = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3e59ecde10e6e02 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:370
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43af0595bba8e5e5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_mantle.py:144
        base_url = os.environ.get("ANTHROPIC_BEDROCK_MANTLE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52a3c74cf6ccf823 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:33
    federation_rule_id = os.environ.get(ENV_FEDERATION_RULE_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed920e9dd884da03 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:34
    organization_id = os.environ.get(ENV_ORGANIZATION_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abfd4e3d90d3d31d Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:35
    has_literal_token = ENV_IDENTITY_TOKEN in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdef80a65acf7422 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:50
            value = os.environ.get(ENV_IDENTITY_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca609ee823404b21 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:65
        service_account_id=os.environ.get(ENV_SERVICE_ACCOUNT_ID),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2cf17dbe651e134 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:69
        workspace_id=os.environ.get(ENV_WORKSPACE_ID) or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17a72a34d3a127c8 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:70
        scope=os.environ.get(ENV_SCOPE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b409fc8540a30d0 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:108
    if os.environ.get(ENV_API_KEY):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96c4894c0b9dcebf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:112
    auth_token = os.environ.get(ENV_AUTH_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4a50bd28e8f6b1e Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:119
    env_explicit = bool(os.environ.get(ENV_PROFILE) or os.environ.get(ENV_CONFIG_DIR))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9276c2a253ffe777 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:78
    env = os.environ.get(ENV_CONFIG_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70d4d1fd170ad619 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:82
        appdata = os.environ.get("APPDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8029e0df9b6d3af5 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:92
        name = (_config_dir() / "active_config").read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8322ad5c8632fb63 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:105
    env = os.environ.get(ENV_PROFILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a6df73f688dd581 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:224
    env = os.environ.get(ENV_IDENTITY_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8870ade654fe0cf1 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:240
    if os.environ.get(ENV_PROFILE) or os.environ.get(ENV_CONFIG_DIR):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeeff70fa0d51285 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:244
    if os.environ.get(ENV_FEDERATION_RULE_ID) and os.environ.get(ENV_ORGANIZATION_ID):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a94beff424a00ec0 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:245
        if os.environ.get(ENV_IDENTITY_TOKEN_FILE) or os.environ.get(ENV_IDENTITY_TOKEN):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d1551165052e344 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:88
            v = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58ffa8b1a8ede346 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:102
            v = os.environ.get(ENV_IDENTITY_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f3c24eef77b7314 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:128
        value = os.environ.get(self._env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0901ca00a229ee59 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:276
            raw = self._config_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9d1dadefd450e24 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:357
            raw = path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbf7647db3274382 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:692
            content = self._path.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #787635bbe6c7437f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/environments/_worker.py:160
    resolved = value or os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da02728aae6c5a83 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:157
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8700dcbd39fb202 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:158
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd7d794162994da3 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:159
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48e134962e89489d Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:382
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76f10797075b28a8 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:383
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d278845e2f46ceb Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:384
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8119fd858ee6e1b9 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:356
        return full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4a3374098e8d742c Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:653
        return await full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6ca7043a24d55eea Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_skills.py:138
                with zf.open(info) as src, open(target, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #04cf30d7f5db5685 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_skills.py:164
            with extracted as src, open(target, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #87bbd5109285e58a Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:123
    return {k: v for k, v in os.environ.items() if not k.startswith("ANTHROPIC_")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #109fbee82c2996ac Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:512
            text = target.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3e24180a9826da52 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:540
            target.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a563ee8df6982769 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:570
            text = target.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #def2a6110082750b Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:582
            target.write_text(updated)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a28edcf06314d12 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:46
        project_id = os.environ.get("ANTHROPIC_VERTEX_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c34f2839c53e4d03 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:114
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2e0480c0d8e7af1 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:121
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a414c5a044bcd30 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:278
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bab9067ff2907419 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:285
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

python dependency
high pii_flow dependency Excluded from app score #8190982f24c0a9f8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:278 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/openai/lib/azure.py:239 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/openai/lib/azure.py:278
        self._azure_endpoint = httpx.URL(azure_endpoint) if azure_endpoint else None

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #e8793bddf2f34448 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:602 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/openai/lib/azure.py:563 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/openai/lib/azure.py:602
        self._azure_endpoint = httpx.URL(azure_endpoint) if azure_endpoint else None

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 63 low-confidence finding(s)
low env_fs tooling reachable #2eacdda9fafc85ea Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:30
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #323c3ae07d00a6b0 Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:41
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #65bda5971e3329a8 Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:31
    endpoint = os.environ["AZURE_OPENAI_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #76c1659ced80395c Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:37
    deployment_name = os.environ["AZURE_OPENAI_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c15147639ccc8226 Filesystem access.
pkgs/python/[email protected]/examples/uploads.py:30
    data = file.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9a28b304bb693dc Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:158
api_type: _ApiType | None = _t.cast(_ApiType, _os.environ.get("OPENAI_API_TYPE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #318829fdf5c9e30d Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:160
api_version: str | None = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #015881767e1feddc Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:162
azure_endpoint: str | None = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54eaec68df448539 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:164
azure_ad_token: str | None = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8945619ff3a95723 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:338
    return _os.environ.get("OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64c3c5969cac997d Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:342
    return azure_endpoint is not None or _os.environ.get("AZURE_OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #791b3eb449c596ad Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:347
        _os.environ.get("AZURE_OPENAI_AD_TOKEN") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af3c7ed8f7298370 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:363
            azure_endpoint = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af7e0309de846d57 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:366
            azure_ad_token = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #894dea95627865fc Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:369
            api_version = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #420c050baf6e98d8 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:379
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be02f4d55afd0c6c Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:379
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(
                "AZURE_OPENAI_API_KEY"
            ) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #563a674e638116f7 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:209
                api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2091c1357f5ffae3 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:219
            admin_api_key = os.environ.get("OPENAI_ADMIN_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5774e8bc863b041e Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:235
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee9600c3cb7711e6 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:239
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb5f150ee0d1e8c Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:243
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be403125165e22c9 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:251
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc12e97ce6893a0d Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:255
        custom_headers_env = os.environ.get("OPENAI_CUSTOM_HEADERS") if provider_runtime is None else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58d7b27a03b50b9a Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:805
                api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #127c82a8acf9339c Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:815
            admin_api_key = os.environ.get("OPENAI_ADMIN_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ad46a57aba132ee Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:831
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56d6a7bc41df42d1 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:835
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6a2f8301d6acd1f Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:839
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a53e349aff9b6ea Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:847
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e5dc615801a378d Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:851
        custom_headers_env = os.environ.get("OPENAI_CUSTOM_HEADERS") if provider_runtime is None else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1284cd4c5ec8a09 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4663630af7d3f7d9 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f6f3f79fd8250d6 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69401b1ea6a0ea7a Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #022cb15da63df70d Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:441
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f605c138940651ac Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:454
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b04dbebe1f407eab Environment-variable access.
pkgs/python/[email protected]/src/openai/_models.py:129
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e2b51d1e76bdd3e Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:513
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b0cc769d6238253 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:555
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bfec5065921271d Environment-variable access.
pkgs/python/[email protected]/src/openai/_utils/_logs.py:23
    env = os.environ.get("OPENAI_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3b906aefeb9f694 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e77557bbef0febee Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ed4d87ea1c59ed2 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_utils.py:383
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47e16ad1657ba2be Filesystem access.
pkgs/python/[email protected]/src/openai/auth/_workload.py:58
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd2096aa99aec6eb Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/_bedrock_auth.py:172
        region = os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #662d41d37bc6293a Filesystem access.
pkgs/python/[email protected]/src/openai/lib/_validators.py:485
                with open(fname, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29594ff5923ff814 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:214
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #683cd81cc6ab0e92 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:217
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4be5d5f8774bc26 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:225
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8896f850f8ac586 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:239
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b36aa706435e7a93 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:538
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9edcf35927addc0c Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:541
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90e7777fa51045c0 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:549
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbb62b5f74b333d5 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:563
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b23eee79193a5c6 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/bedrock.py:70
    configured = region or os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc9a4e59c0ad8573 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/bedrock.py:80
    environment_base_url = os.environ.get("AWS_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f136bb5fd5a5170 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/bedrock.py:105
    token = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1cc394e509777d7 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/bedrock.py:150
    environment_token = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eda6c8fc9bb4c8c Environment-variable access.
pkgs/python/[email protected]/src/openai/providers/bedrock.py:248
            token = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #932e7945610ddc64 Environment-variable access.
pkgs/python/[email protected]/src/openai/providers/bedrock.py:331
            os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de85efb584ccb404 Environment-variable access.
pkgs/python/[email protected]/src/openai/providers/bedrock.py:338
        environment_base_url = _normalize_optional_string(os.environ.get("AWS_BEDROCK_BASE_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b82e1995da92c1a8 Environment-variable access.
pkgs/python/[email protected]/src/openai/providers/bedrock.py:391
        and bool(os.environ.get("AWS_BEARER_TOKEN_BEDROCK"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tavily-python

python dependency
high pii_flow dependency Excluded from app score #f53b627f22af9457 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/tavily/async_tavily.py:113 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/tavily/async_tavily.py:106 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/tavily/async_tavily.py:113
                {scheme: httpx.AsyncHTTPTransport(proxy=proxy) for scheme, proxy in mapped_proxies.items()}

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #c89d014ae8b887cf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/tavily/async_tavily.py:118 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/tavily/async_tavily.py:59 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/tavily/async_tavily.py:118
            self._client = httpx.AsyncClient(
                headers=default_headers,
                base_url=self._api_base_url,
                mounts=proxy_mounts
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #67ffa7b61e5f98be Filesystem access.
pkgs/python/[email protected]/setup.py:3
with open('README.md', 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b685ed03b7bcc34 Environment-variable access.
pkgs/python/[email protected]/tavily/async_tavily.py:59
            api_key = os.getenv("TAVILY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #843bc03c4e914874 Environment-variable access.
pkgs/python/[email protected]/tavily/async_tavily.py:65
        tavily_project = project_id or os.getenv("TAVILY_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e154f7515edc916 Environment-variable access.
pkgs/python/[email protected]/tavily/async_tavily.py:66
        tavily_org = org_id or os.getenv("TAVILY_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9510ba4e0b3dd193 Environment-variable access.
pkgs/python/[email protected]/tavily/async_tavily.py:106
                "http://": proxies.get("http", os.getenv("TAVILY_HTTP_PROXY")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1d12270d818905e Environment-variable access.
pkgs/python/[email protected]/tavily/async_tavily.py:107
                "https://": proxies.get("https", os.getenv("TAVILY_HTTPS_PROXY")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e5f3555077d7d97 Environment-variable access.
pkgs/python/[email protected]/tavily/tavily.py:59
            api_key = os.getenv("TAVILY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6165aacd4e836869 Environment-variable access.
pkgs/python/[email protected]/tavily/tavily.py:64
            "http": proxies.get("http") if proxies else os.getenv("TAVILY_HTTP_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8a96cd928a8e5e4 Environment-variable access.
pkgs/python/[email protected]/tavily/tavily.py:65
            "https": proxies.get("https") if proxies else os.getenv("TAVILY_HTTPS_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef25edeb561f388d Environment-variable access.
pkgs/python/[email protected]/tavily/tavily.py:69
        tavily_project = project_id or os.getenv("TAVILY_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f90d4d1f7fe3fa Environment-variable access.
pkgs/python/[email protected]/tavily/tavily.py:70
        tavily_org = org_id or os.getenv("TAVILY_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

crewai-cli

python dependency
high pii_flow dependency Excluded from app score #963a61f4dcf9d4f6 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:551 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:550 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:551
    response = httpx.get(
        url,
        headers=headers,
        params=params,
        timeout=_TIMEOUT,
        verify=ssl_config,
        follow_redirects=True,
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 73 low-confidence finding(s)
low env_fs dependency Excluded from app score #a87223471190693b Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/checkpoint_cli.py:85
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b529d5d8f946008 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/checkpoint_cli.py:233
            with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26b68a6fdfe9239b Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/checkpoint_cli.py:254
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2262159210e6512e Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/checkpoint_cli.py:265
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f22d84e03d690988 Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/cli.py:694
    if os.environ.get("CREWAI_EXPERIMENTAL") != "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0bf61d07118382a Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/cli.py:956
    crewai_tracing = os.getenv("CREWAI_TRACING_ENABLED", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #658c70ff257908af Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/cli.py:970
    crewai_testing = os.getenv("CREWAI_TESTING", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f58723c165bf8d6a Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/cli.py:974
    crewai_user_id = os.getenv("CREWAI_USER_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dd7dd29d83df4d9 Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/cli.py:978
    crewai_org_id = os.getenv("CREWAI_ORG_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e39a1a708d6cd32 Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/cli.py:1072
    env_enabled = os.getenv("CREWAI_TRACING_ENABLED", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51b7831b615ae58f Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_crew.py:32
    with open(template_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #779a7d7095c68426 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_flow.py:47
    with open(project_root / ".env", "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cffdf93154ccbba4 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_flow.py:70
            with open(src_file, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #898e7656be6abf23 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_flow.py:83
        with open(dst_file, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fe2253e663547ee Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_flow.py:142
        content = src_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb5760ef0a95b0bb Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_flow.py:149
        dst_file.write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d3b4a38957f8966 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_flow.py:151
    (project_root / ".env").write_text("OPENAI_API_KEY=YOUR_API_KEY", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95871a6f7a7880bf Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_flow.py:152
    (package_root / "__init__.py").write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15d162063bee53db Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_flow.py:154
        (package_root / folder / ".gitkeep").write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #040133d51262efb6 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_json_crew.py:830
    path.write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40a07f3f707969c9 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_json_crew.py:932
    (folder_path / "pyproject.toml").write_text(
        _render_json_crew_template(
            "pyproject.toml",
            {
                "folder_name": folder_name,
                "name": name,
                "crewai_tools_dependency": get_crewai_tools_dependency(),
            },
        ),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47546e0ba3d5fc07 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_json_crew.py:945
    (folder_path / ".gitignore").write_text(
        _render_json_crew_template(".gitignore"),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c693d8de0fa861f Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_json_crew.py:951
    (folder_path / "README.md").write_text(
        _render_json_crew_template("README.md", {"name": name}),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84b835f17da64b28 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_json_crew.py:957
    (folder_path / "knowledge" / "user_preference.txt").write_text(
        _render_json_crew_template("knowledge/user_preference.txt"),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f20ab60d33ea8bb Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/create_json_crew.py:963
    (folder_path / "skills" / ".gitkeep").write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a760af540883822a Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/crew_run_tui.py:67
            content = env_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #503be5abc9e17e3e Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/crew_run_tui.py:71
            env_file.write_text(f"{content}{sep}{key}=true\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc6234b4e05b680a Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/crew_run_tui.py:73
            env_file.write_text(f"{key}=true\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #005764ea3e5b427a Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/deploy/validate.py:286
            referenced.update(pattern.findall(crew_path.read_text(errors="ignore")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bc0afa8f0a6073e Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/deploy/validate.py:296
                    pattern.findall(agent_path.read_text(errors="ignore"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42944696f9eb4a06 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/deploy/validate.py:305
                text = py_path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c00cbb0f7f792489 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/deploy/validate.py:321
            for line in env_file.read_text(errors="ignore").splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5deb87dc049bb17e Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/deploy/validate.py:332
            and var not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #207c6817d74e1554 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/deploy/validate.py:873
                text = path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e727f7e47ac977a Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/deploy/validate.py:880
                text = path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b847bd1a74c2ef8 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/deploy/validate.py:888
            for line in env_file.read_text(errors="ignore").splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42026a0745710e99 Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/deploy/validate.py:899
            and var not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d90282779586ff26 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/deploy/validate.py:931
            text = lockfile.read_text(errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71cbe5b77d786c47 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/experimental/skills/main.py:66
        skill_md.write_text(_SKILL_MD_TEMPLATE.format(name=name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bd4c535cc393236 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/experimental/skills/main.py:173
                (cache_dir / ".crewai_meta.json").write_text(json.dumps(meta, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd7f516b3f428138 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/experimental/skills/main.py:189
            frontmatter = self._parse_frontmatter(skill_md.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d24ddef26dd29b0f Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/experimental/skills/main.py:280
                            meta = json.loads(meta_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11299edb4ea64044 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/experimental/skills/main.py:371
            fm = self._parse_frontmatter(skill_md.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e76e378e70177054 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/git.py:166
        existing = exclude_file.read_text() if exclude_file.exists() else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4014cf7311b10416 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/git.py:178
        exclude_file.write_text(
            f"{existing}{prefix}# CrewAI deploy auto-commit excludes\n{patterns}\n"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6cd3cc55eec9a3a Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:79
        value = os.environ.get(env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51ef240f69f1ba0b Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:302
        os.environ.get("OLLAMA_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ae8bc5e4a41f2d5 Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:303
        or os.environ.get("API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e25c28aa772ace4 Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:304
        or os.environ.get("OLLAMA_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eae745d6c6e89f4 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:414
        cache_file.write_text(json.dumps(data), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9508922dbc612186 Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:550
    ssl_config = os.environ.get("SSL_CERT_FILE") or certifi.where()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16d2577379a3a908 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:585
        data: dict[str, Any] = json.loads(path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f104f0c918401d3e Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/model_catalog.py:673
        cache_file.write_text(json.dumps(payload), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06018a0dea406139 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/provider.py:149
        with open(cache_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #185f1ee824c5d3dd Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/provider.py:165
    ssl_config = os.environ["SSL_CERT_FILE"] = certifi.where()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87657725ddf4a0d6 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/provider.py:171
            with open(cache_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #fdd6f221ade19e24 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/crewai_cli/remote_template/main.py:166
                response = httpx.get(url, params=params, timeout=15)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a02032a103ca5b64 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/remote_template/main.py:249
                    with zf.open(member) as src, open(target, "wb") as dst:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c434c22e1527035 Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/run_crew.py:321
        os.environ[CREWAI_TRAINED_AGENTS_FILE_ENV] = trained_agents_file

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec714c9e7ddf9a6e Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/run_declarative_flow.py:319
    return os.environ.get("UV_RUN_RECURSION_DEPTH") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2cedec8996c180c Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/settings/main.py:45
        env_tracing = os.getenv("CREWAI_TRACING_ENABLED", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59bf847b2b8246e1 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/templates/flow/main.py:49
        with open(output_dir / "post.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cc5fddb8c14bdd9b Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/tools/main.py:147
        build_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b20256daa22ca94b Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/tools/main.py:180
            with open(tarball_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e92bc1b7b3c8597 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/update_crew.py:96
    with open(output_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99d4b5d1db117a90 Environment-variable access.
pkgs/python/[email protected]/src/crewai_cli/utils.py:53
    value = os.environ.get("CREWAI_DMN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #172ff1cf678f4340 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/utils.py:86
    with open(dst, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c4a57d50ffca77f Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/utils.py:94
    content = src.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63cfd623783394f9 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/utils.py:104
        with open(env_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68ca66ec98be02fb Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/utils.py:142
            with open(filepath, "r", encoding="utf-8", errors="ignore") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #794c93ccf0ec32b2 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/utils.py:144
            with open(filepath, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f8178a107651992 Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/utils.py:165
        with open(env_file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f0e0c9239cfbb0f Filesystem access.
pkgs/python/[email protected]/src/crewai_cli/utils.py:176
    with open(env_file_path, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mcp

python dependency
high pii_flow dependency Excluded from app score #0f7c875c4232322c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
        return httpx.Request("POST", token_url, data=refresh_data, headers=headers)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 31 low-confidence finding(s)
low env_fs dependency Excluded from app score #865174870cbd5128 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:72
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5525a4c4a12d5202 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:281
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac6b6c588cd5cdef Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:349
    scenario = os.environ.get("MCP_CONFORMANCE_SCENARIO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1d4a693e0ab7a162 Environment-variable access.
pkgs/python/[email protected]/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py:50
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a58ffe002091e1df Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:343
    server_url = os.getenv("MCP_SERVER_PORT", 8000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #db2d5e28e35d41e1 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:344
    transport_type = os.getenv("MCP_TRANSPORT_TYPE", "streamable-http")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bf038cb43bc43b7a Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:345
    client_metadata_url = os.getenv("MCP_CLIENT_METADATA_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8b0267eac2577248 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:24
        self.api_key = os.getenv("LLM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0603cadbea8631b4 Filesystem access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:45
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0c8e810c075c8022 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:83
            env={**os.environ, **self.config["env"]} if self.config.get("env") else None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #43666cd2dd4b5aa2 Filesystem access.
pkgs/python/[email protected]/examples/fastmcp/icons_demo.py:14
icon_data = base64.standard_b64encode(icon_path.read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #90bd83b35674553d Environment-variable access.
pkgs/python/[email protected]/examples/fastmcp/memory.py:52
PROFILE_DIR = (Path.home() / ".fastmcp" / os.environ.get("USER", "anon") / "memory").resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1e525adc370fac8e Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/completion_client.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7539ab670e30b236 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/display_utilities.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #707c15ec0686c14d Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/stdio_client.py:19
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5d801e249e0c6a77 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/binary_resources.py:9
    with open("logo.png", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1669284e31497358 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results.py:10
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e8405aa459ff3415 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results_binary.py:12
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5ef0dec565516c6f Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/prompt_embedded_resources.py:11
    file_content = open(filename).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d2048b4bcc5ce64e Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/tool_errors.py:27
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2010984e57940774 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:53
        code = file.read_text().rstrip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0e69ec2fbd26fbc4 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:109
    content = doc_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d70910ba966e7273 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:134
            doc_path.write_text(updated_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bde5528ac82a205 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:24
        path = Path(os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cff53bb1aaad1f0 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:77
            config_file.write_text("{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07aff5e41584e796 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:88
        config = json.loads(config_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c09223513dcd2c3 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:135
        config_file.write_text(json.dumps(config, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #830b933a2986b025 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/cli.py:282
            env=dict(os.environ.items()),  # Convert to list of tuples for env update

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c15441523a9ef246 Environment-variable access.
pkgs/python/[email protected]/src/mcp/client/stdio/__init__.py:59
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44e729718680f1f8 Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:47
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3edb66d39425fea Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:94
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pymongo

python dependency
high pii_flow tooling reachable #83aada2b026fd040 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:116 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:111 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:116
    with request.urlopen(request.Request(url), timeout=15.0) as response:  # noqa: S310

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 112 low-confidence finding(s)
low env_fs tooling reachable #5e5e6cb0c949753e Filesystem access.
pkgs/python/[email protected]/.evergreen/scripts/generate_config_utils.py:292
    data = target.read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #aeabcb0a9f30c5c9 Filesystem access.
pkgs/python/[email protected]/.evergreen/scripts/generate_config_utils.py:321
    data = target.read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a1d6cf428bbf534e Filesystem access.
pkgs/python/[email protected]/.evergreen/scripts/generate_config_utils.py:354
    data = target.read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #677a660dc0bc5052 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/kms_tester.py:64
    base_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ced6d402fd6b1d89 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/kms_tester.py:99
            os.environ["AZUREKMS_VMNAME_PREFIX"] = "PYTHON_DRIVER"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5b9073510a30daed Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/kms_tester.py:102
            os.environ[

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #aebf1021a743e2e1 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/kms_tester.py:102
            os.environ[
                "AZUREKMS_IMAGE"
            ] = "Canonical:0001-com-ubuntu-server-jammy:22_04-lts-gen2:latest"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ab9340110bca5279 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/kms_tester.py:106
            os.environ["GCPKMS_IMAGEFAMILY"] = "debian-12"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #07e485c61145cee3 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/kms_tester.py:128
        key_name = os.environ["KEY_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #24bddaf6daa8c43c Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/kms_tester.py:129
        key_vault_endpoint = os.environ["KEY_VAULT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b75de1347f0eb319 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/mod_wsgi_tester.py:26
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #303143cf806754d4 Filesystem access.
pkgs/python/[email protected]/.evergreen/scripts/mod_wsgi_tester.py:64
        LOGGER.error(Path("error_log").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e7bafc3fd0608e23 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/mod_wsgi_tester.py:72
    uri1 = os.environ["TEST_URI1"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b84f63a153c972c3 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/mod_wsgi_tester.py:73
    uri2 = os.environ["TEST_URI2"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ebea939f097ea12c Filesystem access.
pkgs/python/[email protected]/.evergreen/scripts/mod_wsgi_tester.py:81
        LOGGER.error(Path("error_log").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1321d9b23fbe3baa Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/mod_wsgi_tester.py:86
    apache = os.environ["APACHE_BINARY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #af70dbe3ab0515fb Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/mod_wsgi_tester.py:87
    apache_config = os.environ["APACHE_CONFIG"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ed66b7a7795bb1b0 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/oidc_tester.py:34
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8cada61df5a013aa Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/oidc_tester.py:36
    if sub_test_name == "eks" and "AWS_ACCESS_KEY_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d48040f694f1398e Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/oidc_tester.py:39
            if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #df01430dc41706e5 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/oidc_tester.py:40
                write_env(key, os.environ[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cd66da3d18d631ef Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/oidc_tester.py:62
        return os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8c6b1b45208ce101 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/oidc_tester.py:84
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #71cc3b768e55350d Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/resync-all-specs.py:63
    spec_dir = pathlib.Path(os.environ["MDB_SPECS"]) / "source"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8e71efec7cf21973 Filesystem access.
pkgs/python/[email protected]/.evergreen/scripts/resync-all-specs.py:126
            with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #00b319cbbc8c3b85 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_server.py:10
    os.environ[name] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #90c5f2c28cd296b3 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_server.py:22
    if "VERSION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cc209c1a4c681978 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_server.py:23
        os.environ["MONGODB_VERSION"] = os.environ["VERSION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #11f8fdf541f419f2 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_server.py:32
        os.environ["TOPOLOGY"] = "replica_set"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9bf4deacc7c56554 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_server.py:33
        os.environ["MONGODB_VERSION"] = "7.0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bc21ad046173ffaa Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_server.py:35
    if not os.environ.get("TEST_CRYPT_SHARED"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7a3060826c591a66 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:24
AUTH = os.environ.get("AUTH", "noauth")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1c0336735011dc05 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:25
SSL = os.environ.get("SSL", "nossl")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a85ca0c70226943b Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:26
UV_ARGS = os.environ.get("UV_ARGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #66754867f1542813 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:27
TEST_PERF = os.environ.get("TEST_PERF")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #69912606d8260fd7 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:28
GREEN_FRAMEWORK = os.environ.get("GREEN_FRAMEWORK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7dac6a2a9e6941cf Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:29
TEST_ARGS = os.environ.get("TEST_ARGS", "").split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9ec40826626f8b98 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:30
TEST_NAME = os.environ.get("TEST_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5b9daf922e19c57d Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:31
SUB_TEST_NAME = os.environ.get("SUB_TEST_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #703eb22bf9238eb0 Filesystem access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:53
    with open("results.json") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c6b2dd3287c72c47 Filesystem access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:68
    with open("report.json", "w", newline="\n") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fac53fd83c1b42b8 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:106
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f43e5bc9d41d628d Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:150
    if not os.environ.get("NO_EXT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #84944dceff170f41 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:153
    if os.environ.get("PYMONGOCRYPT_LIB"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0a13bb0407443c0d Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:204
    if os.environ.get("DEBUG_LOG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1cd91b7477f531a9 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/run_tests.py:207
    if os.environ.get("COVERAGE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3f110fedaa280c76 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:57
    value = os.environ.get(var, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #32b0d514698d5c3e Filesystem access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:65
    with open("/etc/os-release") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #19ba6b0740bf46e5 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:111
        url = os.environ["LIBMONGOCRYPT_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ed5d71316e83d1d5 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:181
            write_env(var, os.environ.get(var, getattr(opts, var.lower(), "")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8c2f4d60e2247730 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:200
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #978a283ddbcf0599 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:223
        if "AWS_ACCESS_KEY_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d59dc0f4a4028afc Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:225
                if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #90f91d50b0f82fe4 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:226
                    write_env(key, os.environ[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #92545e02a9e6a599 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:268
            os.environ["KRB5_CONFIG"] = str(krb_conf)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #22521aa7bf0e5d7a Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:281
        SINGLE_MONGOS_LB_URI = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #17346fac25caefe4 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:281
        SINGLE_MONGOS_LB_URI = os.environ.get(
            "SINGLE_MONGOS_LB_URI", "mongodb://127.0.0.1:8000/?loadBalanced=true"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #86b3a00472f2961c Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:284
        MULTI_MONGOS_LB_URI = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #169c5552539dbb9d Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:284
        MULTI_MONGOS_LB_URI = os.environ.get(
            "MULTI_MONGOS_LB_URI", "mongodb://127.0.0.1:8001/?loadBalanced=true"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e4006a03c54c13a2 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:304
            os.environ["OCSP_SERVER_TYPE"] = sub_test_name

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5d1b752b9803bebc Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:306
            if name not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0ebdb2d1f3cccb29 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:309
        server_type = os.environ["OCSP_SERVER_TYPE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a26c3a6bc6125698 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:310
        orch_file = os.environ["ORCHESTRATION_FILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bb483ab73dd52e36 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:321
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #59d76efddf13fe14 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:328
        version = os.environ.get("VERSION", "latest")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a317243f8f7c8bd5 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:349
    compressors = os.environ.get("COMPRESSORS") or opts.compressor

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #63df731f9f83302d Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:412
        if "AWS_ROLE_SESSION_NAME" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fef98324df9ff516 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/setup_tests.py:472
        framework = opts.green_framework or os.environ["GREEN_FRAMEWORK"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #310ed9ac7454e54e Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/teardown_tests.py:10
TEST_NAME = os.environ.get("TEST_NAME", "unconfigured")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3ee22d5091ffff4b Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/teardown_tests.py:11
SUB_TEST_NAME = os.environ.get("SUB_TEST_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1f89a4624ed6acbb Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/teardown_tests.py:52
    Path(os.environ["OUTPUT_FILE"]).unlink(missing_ok=True)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #15669e66c8617e2a Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/teardown_tests.py:61
if os.environ.get("COVERAGE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1e78ae83b56e8fff Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/utils.py:15
DRIVERS_TOOLS = os.environ.get("DRIVERS_TOOLS", "").replace(os.sep, "/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8d0de4de661406a6 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/utils.py:169
        if env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5d063ebbc634a0ae Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/utils.py:173
                opts.auth = os.environ.get("AUTH") == "auth"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ac7038e845b7d32a Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/utils.py:175
                ssl_opt = os.environ.get("SSL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c8c8d8dd575ed308 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/utils.py:178
                if os.environ[env_var]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bfd4109c63718c71 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/utils.py:181
                setattr(opts, key, os.environ[env_var])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #02ad76834ac4f7d8 Environment-variable access.
pkgs/python/[email protected]/.evergreen/scripts/utils.py:211
    env = kwargs.pop("env", os.environ).copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b555331819d7e2c8 Environment-variable access.
pkgs/python/[email protected]/_setup.py:71
            if os.environ.get("PYMONGO_C_EXT_MUST_BUILD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d280cf28735efe93 Environment-variable access.
pkgs/python/[email protected]/_setup.py:88
            if "ProgramFiles" in os.environ and "ProgramFiles(x86)" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e670f18b23abbdf5 Environment-variable access.
pkgs/python/[email protected]/_setup.py:89
                os.environ["ProgramFiles(x86)"] = os.environ["ProgramFiles"] + " (x86)"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #592974617e35d28a Environment-variable access.
pkgs/python/[email protected]/_setup.py:94
            if os.environ.get("PYMONGO_C_EXT_MUST_BUILD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7865ed0c0281a31 Environment-variable access.
pkgs/python/[email protected]/_setup.py:127
if "--no_ext" in sys.argv or os.environ.get("NO_EXT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60c6fcde53d4ad3c Environment-variable access.
pkgs/python/[email protected]/pymongo/auth_oidc_shared.py:81
        token_file = os.environ.get("OIDC_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9235e259a6910ad Filesystem access.
pkgs/python/[email protected]/pymongo/auth_oidc_shared.py:86
        with open(token_file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52fd1b552a122b15 Environment-variable access.
pkgs/python/[email protected]/pymongo/auth_oidc_shared.py:92
        token_file = os.environ.get("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d3497f9de19b0af Filesystem access.
pkgs/python/[email protected]/pymongo/auth_oidc_shared.py:97
        with open(token_file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #360dd94cf824dec2 Environment-variable access.
pkgs/python/[email protected]/pymongo/auth_oidc_shared.py:129
        if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9af1aa801427f4b Environment-variable access.
pkgs/python/[email protected]/pymongo/auth_oidc_shared.py:130
            fname = os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e35270765f504883 Filesystem access.
pkgs/python/[email protected]/pymongo/auth_oidc_shared.py:131
    with open(fname) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #061b24697822b04a Filesystem access.
pkgs/python/[email protected]/pymongo/common.py:238
    open(value).close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45e142732258aad7 Filesystem access.
pkgs/python/[email protected]/pymongo/daemon.py:64
            with open(os.devnull, "r+b") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7008aae2ae838a1e Filesystem access.
pkgs/python/[email protected]/pymongo/daemon.py:95
            with open(os.devnull, "r+b") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a56a6d6f4fe5afc Environment-variable access.
pkgs/python/[email protected]/pymongo/logger.py:165
        document_length = int(os.getenv("MONGOB_LOG_MAX_DOCUMENT_LENGTH", _DEFAULT_DOCUMENT_LENGTH))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75870e4cb630438b Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:78
        "architecture": os.environ.get("PROCESSOR_ARCHITECTURE") or platform.machine(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f231d3ebefb905d Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:119
    if os.getenv(ENV_VAR_K8S):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f80eb4d0e4e7e6d Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:126
    if os.getenv("AWS_LAMBDA_RUNTIME_API"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fa5f5393c385ec3 Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:128
    env = os.getenv("AWS_EXECUTION_ENV")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91a3f6d984aa78db Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:135
    return bool(os.getenv("FUNCTIONS_WORKER_RUNTIME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d30c0a4009b41d84 Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:139
    return bool(os.getenv("K_SERVICE") or os.getenv("FUNCTION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd27169e4c52606a Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:143
    return bool(os.getenv("VERCEL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ee7ef361c21b523 Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:152
    val = os.getenv(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #644e3380f6137441 Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:171
        region = os.getenv("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #698bf1c5ef952221 Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:181
        region = os.getenv("FUNCTION_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #147cf9ccad682213 Environment-variable access.
pkgs/python/[email protected]/pymongo/pool_options.py:192
        region = os.getenv("VERCEL_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7bda372449b3e185 Filesystem access.
pkgs/python/[email protected]/tools/compare_import_time.py:23
    with open(f"pymongo-{sha}.log") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cf6b37b29c9ba986 Filesystem access.
pkgs/python/[email protected]/tools/convert_test_to_async.py:123
    with open(input_file, "r+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b12e9b113dad8d14 Filesystem access.
pkgs/python/[email protected]/tools/convert_test_to_async.py:127
        with open(output_file, "w+") as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7df66aeb2035420c Filesystem access.
pkgs/python/[email protected]/tools/ensure_future_annotations_import.py:29
        with open(path) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9b295883b10a6f09 Filesystem access.
pkgs/python/[email protected]/tools/synchro.py:290
            with open(file, "r+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f0b0f3fca88343e7 Environment-variable access.
pkgs/python/[email protected]/tools/synchro.py:442
            and "OVERRIDE_SYNCHRO_CHECK" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

singlestoredb

python dependency
high pii_flow dependency Excluded from app score #70fd06397bfa750a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/singlestoredb/fusion/graphql.py:173 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/singlestoredb/fusion/graphql.py:172 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/singlestoredb/fusion/graphql.py:173
        res = requests.post(
            self.api_url,
            headers={
                'Content-Type': 'application/json',
                'Authorization': f'Bearer {api_token}',
            },
            json={
                'query': type(self).get_query(),
                'variables': variables or {},
            },
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 122 low-confidence finding(s)
low env_fs dependency Excluded from app score #8e1b534b7a8c65f1 Environment-variable access.
pkgs/python/[email protected]/setup.py:15
build_extension = bool(int(os.environ.get('SINGLESTOREDB_BUILD_EXTENSION', '1')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf281cd248410a20 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/ai/chat.py:47
        base_url = os.environ.get('SINGLESTOREDB_INFERENCE_API_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7485205c6c11407 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/ai/chat.py:49
        hosting_platform = os.environ.get('SINGLESTOREDB_INFERENCE_API_HOSTING_PLATFORM')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae2f6b4df76808f0 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/ai/chat.py:114
            token_env_val = os.environ.get('SINGLESTOREDB_USER_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71797bbf449b9cf6 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/ai/chat.py:155
    token_env = os.environ.get('SINGLESTOREDB_USER_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cbfeae4b92fd050 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/ai/embeddings.py:46
        base_url = os.environ.get('SINGLESTOREDB_INFERENCE_API_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f6d56a1fe5762d9 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/ai/embeddings.py:48
        hosting_platform = os.environ.get('SINGLESTOREDB_INFERENCE_API_HOSTING_PLATFORM')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37fb8a3ca19462e9 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/ai/embeddings.py:113
            token_env_val = os.environ.get('SINGLESTOREDB_USER_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #916657f709d929ac Environment-variable access.
pkgs/python/[email protected]/singlestoredb/ai/embeddings.py:145
    token_env = os.environ.get('SINGLESTOREDB_USER_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28bb466b45e65ab7 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/apps/_config.py:20
        value = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4e74e9963b7a452 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/apps/_config.py:36
        workload_type = os.environ.get('SINGLESTOREDB_WORKLOAD_TYPE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dec7e437b12e1407 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/apps/_config.py:39
        is_gateway_enabled = 'SINGLESTOREDB_NOVA_GATEWAY_ENDPOINT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e55c30b799b41da Environment-variable access.
pkgs/python/[email protected]/singlestoredb/apps/_config.py:41
        app_token = os.environ.get('SINGLESTOREDB_APP_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a3c3e2668fd87a2 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/apps/_config.py:42
        user_token = os.environ.get('SINGLESTOREDB_USER_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43e8d7d4a6104588 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/apps/_python_udfs.py:100
    gateway_url = os.environ.get('SINGLESTOREDB_NOVA_GATEWAY_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4db90565349ab5a Environment-variable access.
pkgs/python/[email protected]/singlestoredb/apps/_python_udfs.py:102
        gateway_url = os.environ.get('SINGLESTOREDB_NOVA_GATEWAY_DEV_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42a7e489d66a7777 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/apps/_python_udfs.py:112
    raw = os.environ.get('SINGLESTOREDB_UDF_KEEPALIVE_TIMEOUT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #564f8762ab359f6f Environment-variable access.
pkgs/python/[email protected]/singlestoredb/config.py:448
    os.environ.get('SINGLESTOREDB_URL') or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc0c08056e152216 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/asgi.py:98
num_processes = max(0, int(os.environ.get('SINGLESTOREDB_EXT_NUM_PROCESSES', 0)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e06d5dfd5504bf1c Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/asgi.py:1119
                x for x in os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #875a398f234edcee Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/asgi.py:1123
                specs = [os.environ[x] for x in env_vars]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5eb9b255b3ee82a Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/asgi.py:1998
            elif os.environ.get('SINGLESTOREDB_WORKSPACE_GROUP'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #635300ffaa254553 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/asgi.py:2000
                    os.environ['SINGLESTOREDB_WORKSPACE_GROUP'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bb47cd55d89fc98 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/asgi.py:2211
                elif os.environ.get('SINGLESTOREDB_WORKSPACE_GROUP'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95ca508d9f89e37a Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/asgi.py:2213
                        os.environ['SINGLESTOREDB_WORKSPACE_GROUP'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6b18f7678f70df7 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/mmap.py:230
            default=os.environ.get('SINGLESTOREDB_URL', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f2ccdd96c886b16 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/mmap.py:272
                elif os.environ.get('SINGLESTOREDB_WORKSPACE_GROUP'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #401b96d7c288d3c5 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/mmap.py:274
                        os.environ['SINGLESTOREDB_WORKSPACE_GROUP'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88b772ee8a8089be Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/plugin/__main__.py:34
        default=os.environ.get('PLUGIN_NAME', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efe86343c6837f3b Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/plugin/__main__.py:42
        default=os.environ.get('PLUGIN_SEARCH_PATH', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2deac7d2a8216e1 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/plugin/__main__.py:50
        default=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3151e999a15c643 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/plugin/__main__.py:50
        default=os.environ.get(
            'PLUGIN_SOCKET_PATH',
            os.path.join(
                tempfile.gettempdir(),
                f'singlestore-udf-{os.getpid()}-{secrets.token_hex(4)}.sock',
            ),
        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7fe0b6d2405087e Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/plugin/__main__.py:65
        default=int(os.environ.get('PLUGIN_N_WORKERS', '0')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef1c9824d6fd4888 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/plugin/__main__.py:74
        default=int(os.environ.get('PLUGIN_MAX_CONNECTIONS', '32')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09e8e0706b27b9e5 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/plugin/__main__.py:82
        default=os.environ.get('PLUGIN_LOG_LEVEL', 'info'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e76f10eef7f6a13 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/plugin/__main__.py:91
        default=os.environ.get('PLUGIN_PROCESS_MODE', 'process'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0faf34d734ec5ab Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/ext/plugin/connection.py:48
_PROFILE = os.environ.get('SINGLESTOREDB_UDF_PROFILE', '') == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec5a501976fb81bb Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/signature.py:1567
    host = os.environ.get('SINGLESTOREDB_EXT_HOST', '127.0.0.1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d491667db69c9b2a Environment-variable access.
pkgs/python/[email protected]/singlestoredb/functions/signature.py:1568
    port = os.environ.get('SINGLESTOREDB_EXT_PORT', '8000')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d79458dcd33b04de Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/graphql.py:172
        api_token = self.api_token or os.environ.get('SINGLESTOREDB_BACKEND_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c2c5ff7da624f5e Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handler.py:626
                os.environ.get('SINGLESTOREDB_FUSION_ENABLE_HIDDEN', '0').lower() not in \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a0f66fab86d3c24 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:92
    if os.environ.get('SINGLESTOREDB_WORKSPACE_GROUP'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77ced0a626732ce1 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:95
                os.environ['SINGLESTOREDB_WORKSPACE_GROUP'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cacaa96b81f51449 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:101
                    f'{os.environ["SINGLESTOREDB_WORKSPACE_GROUP"]}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #536cebc47d1b6403 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:105
    if os.environ.get('SINGLESTOREDB_CLUSTER'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d32dabcb743590a3 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:159
    if os.environ.get('SINGLESTOREDB_WORKSPACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #750e0344f4cfc16d Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:162
                os.environ['SINGLESTOREDB_WORKSPACE'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9068fcffb7ab5fcb Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:168
                    f'{os.environ["SINGLESTOREDB_WORKSPACE"]}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7b6f0585eb660c3 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:172
    if os.environ.get('SINGLESTOREDB_CLUSTER'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e38593a96d43d7e Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:272
    if os.environ.get('SINGLESTOREDB_WORKSPACE_GROUP'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61e8bdf7c1e6e095 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:275
                os.environ['SINGLESTOREDB_WORKSPACE_GROUP'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47416b0e48dd4dfe Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:281
                    f'{os.environ["SINGLESTOREDB_WORKSPACE_GROUP"]}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f937e5649316aa71 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:286
    if os.environ.get('SINGLESTOREDB_CLUSTER'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c26d6d248b981f78 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:289
                os.environ['SINGLESTOREDB_CLUSTER'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36b2cc17927cc614 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/fusion/handlers/utils.py:295
                    f'{os.environ["SINGLESTOREDB_CLUSTER"]}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9580d46c190bf489 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/http/connection.py:996
        if 'SINGLESTOREDB_WORKLOAD_TYPE' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60d76c21ea29d48b Environment-variable access.
pkgs/python/[email protected]/singlestoredb/http/connection.py:997
            client_version += '+' + os.environ['SINGLESTOREDB_WORKLOAD_TYPE']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb2caa2410286864 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/http/connection.py:1078
        url = os.environ.get('SINGLESTOREDB_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73816089e5948c15 Filesystem access.
pkgs/python/[email protected]/singlestoredb/magics/run_personal.py:121
                yield fpath.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c941ac5064cdc6f6 Filesystem access.
pkgs/python/[email protected]/singlestoredb/magics/run_shared.py:118
                yield fpath.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #538f2207f251fd02 Filesystem access.
pkgs/python/[email protected]/singlestoredb/management/files.py:686
        return self._upload(open(local_path, 'rb'), path, overwrite=overwrite)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2caf2242f64aad04 Filesystem access.
pkgs/python/[email protected]/singlestoredb/management/files.py:1127
            with open(local_path, 'wb') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02ad78c8de2bb5f2 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/inference_api.py:278
        self.project_id = os.environ.get('SINGLESTOREDB_PROJECT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91e4064fef2f066f Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/manager.py:26
    org = os.environ.get('SINGLESTOREDB_ORGANIZATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1c2c10bfe44fd56 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/manager.py:346
        if not os.environ.get('SINGLESTOREDB_WORKLOAD_TYPE', ''):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9d62922ce8bdb87 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/utils.py:169
        url = os.environ.get('SINGLESTOREDB_URL') or get_option('host')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b200009ca45917f Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/utils.py:228
    return os.environ.get('SINGLESTOREDB_CLUSTER') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5198419613c05cbf Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/utils.py:233
    return os.environ.get('SINGLESTOREDB_WORKSPACE') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #696198793c623edd Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/utils.py:238
    return os.environ.get('SINGLESTOREDB_VIRTUAL_WORKSPACE') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4815ea7a5a284cf4 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/utils.py:243
    return os.environ.get('SINGLESTOREDB_DEFAULT_DATABASE') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af2e48aee736f6d3 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/workspace.py:63
    elif 'SINGLESTOREDB_WORKSPACE_GROUP' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c7c1960b67ebd0b Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/workspace.py:65
            os.environ['SINGLESTOREDB_WORKSPACE_GROUP']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42d17c8d6b792d9c Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/workspace.py:87
    elif 'SINGLESTOREDB_WORKSPACE' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21b85aa2b0e134b0 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/management/workspace.py:89
            os.environ['SINGLESTOREDB_WORKSPACE']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ee44301495503e3 Filesystem access.
pkgs/python/[email protected]/singlestoredb/management/workspace.py:201
        return self._upload(open(local_path, 'rb'), stage_path, overwrite=overwrite)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cc1e96c96ff007c Filesystem access.
pkgs/python/[email protected]/singlestoredb/management/workspace.py:607
            with open(local_path, 'wb') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b66860a771538378 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/mysql/connection.py:638
        if 'SINGLESTOREDB_WORKLOAD_TYPE' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ccdb143b56ce571 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/mysql/connection.py:639
            VERSION_STRING += '+' + os.environ['SINGLESTOREDB_WORKLOAD_TYPE']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cf3e1acddbc9823 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/mysql/connection.py:1038
            url = os.environ.get('SINGLESTOREDB_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8482fa99e61cfb85 Filesystem access.
pkgs/python/[email protected]/singlestoredb/mysql/connection.py:2032
                    with open(self.filename, 'rb') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e3ce3640aedef1d Environment-variable access.
pkgs/python/[email protected]/singlestoredb/notebook/__init__.py:12
if 'SINGLESTOREDB_ORGANIZATION' not in _os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dec9d1764f51054e Environment-variable access.
pkgs/python/[email protected]/singlestoredb/notebook/_portal.py:119
            return os.environ.get('SINGLESTOREDB_ORGANIZATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63574d1923f00b26 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/notebook/_portal.py:142
            return os.environ.get('SINGLESTOREDB_WORKSPACE_GROUP')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c714d4dbca7ea9cc Environment-variable access.
pkgs/python/[email protected]/singlestoredb/notebook/_portal.py:163
            return os.environ.get('SINGLESTOREDB_WORKSPACE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e914b38f6b14088 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/notebook/_portal.py:267
            return os.environ.get('SINGLESTOREDB_CLUSTER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cf30c8f5a296d6a Environment-variable access.
pkgs/python/[email protected]/singlestoredb/notebook/_portal.py:271
            os.environ.get('SINGLESTOREDB_URL', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f7f6609afb93a3b Environment-variable access.
pkgs/python/[email protected]/singlestoredb/notebook/_portal.py:287
            return os.environ.get('SINGLESTOREDB_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e90865eb16d71294 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/notebook/_portal.py:295
            return os.environ.get('SINGLESTOREDB_URL_KAI')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87810994030c32f5 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/pytest.py:51
    worker = os.environ.get('PYTEST_XDIST_WORKER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf2c8982052b9a4b Environment-variable access.
pkgs/python/[email protected]/singlestoredb/pytest.py:52
    worker_count = os.environ.get('PYTEST_XDIST_WORKER_COUNT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb2fc01a11430c6c Environment-variable access.
pkgs/python/[email protected]/singlestoredb/pytest.py:78
    worker = os.environ.get('PYTEST_XDIST_WORKER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03b50af9d3f11282 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/pytest.py:99
        self.existing_url = os.environ.get('SINGLESTOREDB_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6df49a174e369cc6 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/pytest.py:111
        worker = os.environ.get('PYTEST_XDIST_WORKER', 'master')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe0515aef8c4ec6f Environment-variable access.
pkgs/python/[email protected]/singlestoredb/pytest.py:119
        license = os.environ.get('SINGLESTORE_LICENSE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d125ae42929717dd Environment-variable access.
pkgs/python/[email protected]/singlestoredb/pytest.py:205
            license = os.environ.get('SINGLESTORE_LICENSE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2d2adb5a92829d8 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/docker.py:139
            license = os.environ.get('SINGLESTORE_LICENSE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62f8cb45bc744a2f Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/docker.py:215
        self._saved_server_urls['DATABASE_URL'] = os.environ.get('DATABASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb1dcd022c2af76c Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/docker.py:216
        os.environ['DATABASE_URL'] = self.connection_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0607d1d01103db6 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/docker.py:217
        self._saved_server_urls['SINGLESTOREDB_URL'] = os.environ.get('SINGLESTOREDB_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #069cfd02a495b29f Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/docker.py:218
        os.environ['SINGLESTOREDB_URL'] = self.connection_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffd9dc4fd3f4119e Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/docker.py:224
                    del os.environ[k]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dd3e148e0e5cac0 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/docker.py:226
                    os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #05f8e8e1a3d35ffd Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/singlestoredb/server/free_tier.py:51
        r = requests.get('https://shell.singlestore.com/api/session')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4e113ba8a250a529 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/free_tier.py:89
        self._saved_server_urls['DATABASE_URL'] = os.environ.get('DATABASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #494c9452b95a1c2d Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/free_tier.py:90
        os.environ['DATABASE_URL'] = self.connection_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92ab1f7ac9192d35 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/free_tier.py:91
        self._saved_server_urls['SINGLESTOREDB_URL'] = os.environ.get('SINGLESTOREDB_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c0c0c9eb9497822 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/free_tier.py:92
        os.environ['SINGLESTOREDB_URL'] = self.connection_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73b454a8941b47b9 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/free_tier.py:98
                    del os.environ[k]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #575bfce4bc03d468 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/server/free_tier.py:100
                    os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #98397d53a2827fe9 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/singlestoredb/server/free_tier.py:250
                requests.get(
                    'https://shell.singlestore.com/api/terminate',
                    cookies=self._cookies,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #df17fd8b8071b9e6 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/utils/config.py:74
        if name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec7e4dad1995144a Environment-variable access.
pkgs/python/[email protected]/singlestoredb/utils/config.py:75
            return os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb78e9267caa185a Environment-variable access.
pkgs/python/[email protected]/singlestoredb/utils/config.py:77
        if name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be8460bd6daabc50 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/utils/config.py:78
            return os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a267d29712948e22 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/utils/config.py:107
        if name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89860389e12ee2ed Environment-variable access.
pkgs/python/[email protected]/singlestoredb/utils/config.py:108
            os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fac9adad441b064 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/utils/config.py:110
        if name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1128df7fad1666bb Environment-variable access.
pkgs/python/[email protected]/singlestoredb/utils/config.py:111
            os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5222fcf3c7ad3e67 Environment-variable access.
pkgs/python/[email protected]/singlestoredb/utils/config.py:119
        os.environ.pop(name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbbd31f39ff74bcd Environment-variable access.
pkgs/python/[email protected]/singlestoredb/utils/config.py:120
        os.environ.pop(name.replace('_', ''), None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #823cfd25a157a864 Environment-variable access.
pkgs/python/[email protected]/sqlx/magic.py:74
            if 'DATABASE_URL' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62d685c94e6139af Environment-variable access.
pkgs/python/[email protected]/sqlx/magic.py:84
                os.environ['DATABASE_URL'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

uv

python dependency
high pii_flow dependency Excluded from app score #437ef5eca9eacf11 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/crates/uv-python/fetch-download-metadata.py:794 · flow /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/crates/uv-python/fetch-download-metadata.py:782 → /tmp/closeopen-4a0hfpp6/pkgs/python/[email protected]/crates/uv-python/fetch-download-metadata.py:794
    client = httpx.AsyncClient(follow_redirects=True, headers=headers, timeout=60)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 10 low-confidence finding(s)
low env_fs dependency Excluded from app score #da171daf6fa3cc6e Environment-variable access.
pkgs/python/[email protected]/crates/uv-installer/src/pip_compileall.py:25
    invalidation_mode = os.environ.get("PYC_INVALIDATION_MODE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #971d68ecfa097a73 Filesystem access.
pkgs/python/[email protected]/crates/uv-python/fetch-download-metadata.py:778
    VERSIONS_FILE.write_text(json.dumps(results, indent=2) + "\n", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #994228eaf700ad73 Environment-variable access.
pkgs/python/[email protected]/crates/uv-python/fetch-download-metadata.py:782
    token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #515b44771e411ccf Filesystem access.
pkgs/python/[email protected]/crates/uv-python/python/packaging/_manylinux.py:22
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75013563b6431e05 Filesystem access.
pkgs/python/[email protected]/crates/uv-python/python/packaging/_musllinux.py:44
        with open(executable, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cf70c1418e457d7 Environment-variable access.
pkgs/python/[email protected]/crates/uv-virtualenv/src/activator/activate_this.py:47
os.environ["PATH"] = os.pathsep.join([bin_dir, *os.environ.get("PATH", "").split(os.pathsep)])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f4dc0b8b6392c47 Environment-variable access.
pkgs/python/[email protected]/crates/uv-virtualenv/src/activator/activate_this.py:48
os.environ["VIRTUAL_ENV"] = base  # virtual env is right above bin directory

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e37a15e5554d4c3 Environment-variable access.
pkgs/python/[email protected]/crates/uv-virtualenv/src/activator/activate_this.py:49
os.environ["VIRTUAL_ENV_PROMPT"] = "{{ VIRTUAL_PROMPT }}" or os.path.basename(base)  # noqa: SIM222

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8791cc8f79b4eb26 Environment-variable access.
pkgs/python/[email protected]/python/uv/__main__.py:13
    value = os.getenv("VIRTUAL_ENV")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4acc0b2a7097c2d Environment-variable access.
pkgs/python/[email protected]/python/uv/__main__.py:29
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opentelemetry-sdk

python dependency
medium telemetry dependency Excluded from app score #4a28b190b9a5229c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:20
from opentelemetry._logs import set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #afe84e5376826792 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:21
from opentelemetry.environment_variables import (
    OTEL_LOGS_EXPORTER,
    OTEL_METRICS_EXPORTER,
    OTEL_PYTHON_ID_GENERATOR,
    OTEL_TRACES_EXPORTER,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #149cc2aaaad1aebf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:27
from opentelemetry.metrics import set_meter_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cbff12c040e633a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:28
from opentelemetry.sdk._logs import (
    LoggerProvider,
    LoggingHandler,
    LogRecordProcessor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7d965feda435c8bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:33
from opentelemetry.sdk._logs._internal import _LoggerConfiguratorT

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ceb9dcacdc28103a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:34
from opentelemetry.sdk._logs.export import (
    BatchLogRecordProcessor,
    LogRecordExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d1dee4e72199a28 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:38
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED,
    OTEL_CONFIG_FILE,
    OTEL_EXPORTER_OTLP_LOGS_PROTOCOL,
    OTEL_EXPORTER_OTLP_METRICS_PROTOCOL,
    OTEL_EXPORTER_OTLP_PROTOCOL,
    OTEL_EXPORTER_OTLP_TRACES_PROTOCOL,
    OTEL_PYTHON_LOGGER_CONFIGURATOR,
    OTEL_PYTHON_METER_CONFIGURATOR,
    OTEL_PYTHON_TRACER_CONFIGURATOR,
    OTEL_TRACES_SAMPLER,
    OTEL_TRACES_SAMPLER_ARG,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8cc16e44825248e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:51
from opentelemetry.sdk.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b1cb8d598261b6c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:52
from opentelemetry.sdk.metrics._internal import _MeterConfiguratorT

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1a67da071904eea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:53
from opentelemetry.sdk.metrics.export import (
    MetricExporter,
    MetricReader,
    PeriodicExportingMetricReader,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #02d3f62939155e8e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:58
from opentelemetry.sdk.resources import Attributes, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e721212e10aa1af0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:59
from opentelemetry.sdk.trace import (
    SpanProcessor,
    TracerProvider,
    _TracerConfiguratorT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #198c9326d9ba674d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:64
from opentelemetry.sdk.trace.export import BatchSpanProcessor, SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8b882f1534360057 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:65
from opentelemetry.sdk.trace.id_generator import IdGenerator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a8f59e2a3c01f2a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:66
from opentelemetry.sdk.trace.sampling import Sampler

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e2e51d72fe5e079e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:67
from opentelemetry.semconv.resource import ResourceAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a8071cdfcb1720a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:68
from opentelemetry.trace import set_tracer_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f5fdc40ba3d6d078 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:69
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #02edba653bea61d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:324
        from opentelemetry._events import (  # noqa: PLC0415
            set_event_logger_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0776d78d27e4c25a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:327
        from opentelemetry.sdk._events import (  # noqa: PLC0415
            EventLoggerProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dec0ca066641ad2f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:729
            from opentelemetry.sdk._configuration._sdk import (  # noqa: PLC0415
                configure_sdk,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #69de1d32ad217f82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:732
            from opentelemetry.sdk._configuration.file._loader import (  # noqa: PLC0415
                load_config_file,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fef9f2cfd432a6f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_common.py:12
from opentelemetry.sdk._configuration._exceptions import ConfigurationError

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #906fa745f1468225 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_common.py:13
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d3cdbbf23241550 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:8
from opentelemetry._logs import set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f23d630fdaf08510 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:9
from opentelemetry.sdk._configuration._common import (
    _map_compression,
    _parse_headers,
    load_entry_point,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e61353613524a80 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:14
from opentelemetry.sdk._configuration._exceptions import ConfigurationError

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4436a1a833dfe52a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:15
from opentelemetry.sdk._configuration.models import (
    BatchLogRecordProcessor as BatchLogRecordProcessorConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #927d646c7affdf48 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:18
from opentelemetry.sdk._configuration.models import (
    LoggerProvider as LoggerProviderConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00e60bd5025bba83 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:21
from opentelemetry.sdk._configuration.models import (
    LogRecordExporter as LogRecordExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bcc4f0676a94e0fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:24
from opentelemetry.sdk._configuration.models import (
    LogRecordProcessor as LogRecordProcessorConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aa4d95df023c81f5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:27
from opentelemetry.sdk._configuration.models import (
    OtlpGrpcExporter as OtlpGrpcExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f920edad1fb64e72 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:30
from opentelemetry.sdk._configuration.models import (
    OtlpHttpExporter as OtlpHttpExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6af87a5b9e88ff34 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:33
from opentelemetry.sdk._configuration.models import (
    SimpleLogRecordProcessor as SimpleLogRecordProcessorConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d1f8182ce8262a6b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:36
from opentelemetry.sdk._logs import LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d6d2244bddc66a14 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:37
from opentelemetry.sdk._logs._internal.export import (
    BatchLogRecordProcessor,
    ConsoleLogRecordExporter,
    LogRecordExporter,
    SimpleLogRecordProcessor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5e86e29d28c5fc9f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:43
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f516e11f353b3e41 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:65
        from opentelemetry.exporter.otlp.proto.http import (  # type: ignore[import-untyped]  # noqa: PLC0415
            Compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d49b79862a64d086 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:68
        from opentelemetry.exporter.otlp.proto.http._log_exporter import (  # type: ignore[import-untyped]  # noqa: PLC0415
            OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #60813991ef49225a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_logger_provider.py:99
        from opentelemetry.exporter.otlp.proto.grpc._log_exporter import (  # type: ignore[import-untyped]  # noqa: PLC0415
            OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #16b227833e50fd84 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:8
from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f339ab155fcef366 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:9
from opentelemetry.sdk._configuration._common import (
    _map_compression,
    _parse_headers,
    load_entry_point,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e3aadb05198b458 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:14
from opentelemetry.sdk._configuration._exceptions import ConfigurationError

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #264bdc4988ce6e46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:15
from opentelemetry.sdk._configuration.models import (
    Aggregation as AggregationConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9be14b9e7e851bee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:18
from opentelemetry.sdk._configuration.models import (
    ConsoleMetricExporter as ConsoleMetricExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #18d819bab83381d0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:21
from opentelemetry.sdk._configuration.models import (
    ExemplarFilter as ExemplarFilterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a4e448c605b5fe7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:24
from opentelemetry.sdk._configuration.models import (
    ExperimentalPrometheusMetricExporter as PrometheusMetricExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e7cf9ff6851c606b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:27
from opentelemetry.sdk._configuration.models import (
    ExporterDefaultHistogramAggregation,
    ExporterTemporalityPreference,
    InstrumentType,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d1ea1ffd4a534ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:32
from opentelemetry.sdk._configuration.models import (
    MeterProvider as MeterProviderConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #34e2023a1940379e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:35
from opentelemetry.sdk._configuration.models import (
    MetricReader as MetricReaderConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d6efbba678bd2dc4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:38
from opentelemetry.sdk._configuration.models import (
    OtlpGrpcMetricExporter as OtlpGrpcMetricExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #92825cfa7dee7472 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:41
from opentelemetry.sdk._configuration.models import (
    OtlpHttpMetricExporter as OtlpHttpMetricExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #55224d3a568d56f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:44
from opentelemetry.sdk._configuration.models import (
    PeriodicMetricReader as PeriodicMetricReaderConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #531dd192c3bfd71e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:47
from opentelemetry.sdk._configuration.models import (
    PullMetricExporter as PullMetricExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1e61f366ce20ba45 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:50
from opentelemetry.sdk._configuration.models import (
    PullMetricReader as PullMetricReaderConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c35477884830ef89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:53
from opentelemetry.sdk._configuration.models import (
    PushMetricExporter as PushMetricExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0fb9829526376bb9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:56
from opentelemetry.sdk._configuration.models import (
    View as ViewConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #51cb1a3b102b9cc7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:59
from opentelemetry.sdk.metrics import (
    AlwaysOffExemplarFilter,
    AlwaysOnExemplarFilter,
    Counter,
    Histogram,
    MeterProvider,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    TraceBasedExemplarFilter,
    UpDownCounter,
    _Gauge,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3eed33102f385b1d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:72
from opentelemetry.sdk.metrics.export import (
    AggregationTemporality,
    ConsoleMetricExporter,
    MetricExporter,
    MetricReader,
    PeriodicExportingMetricReader,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #beed1ee43c92aded Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:79
from opentelemetry.sdk.metrics.view import (
    Aggregation,
    DefaultAggregation,
    DropAggregation,
    ExplicitBucketHistogramAggregation,
    ExponentialBucketHistogramAggregation,
    LastValueAggregation,
    SumAggregation,
    View,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6f19b7edfaccd9e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:89
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b3722878f82d0602 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:275
        from opentelemetry.exporter.otlp.proto.http import (  # type: ignore[import-untyped]  # noqa: PLC0415
            Compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b86c19f57668f05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:278
        from opentelemetry.exporter.otlp.proto.http.metric_exporter import (  # type: ignore[import-untyped]  # noqa: PLC0415
            OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21d16a8101eae18c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:315
        from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import (  # type: ignore[import-untyped]  # noqa: PLC0415
            OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #28ff187de2d012d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_meter_provider.py:415
        from opentelemetry.exporter.prometheus import (  # type: ignore[import-untyped]  # noqa: PLC0415
            PrometheusMetricReader,
            start_http_server,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f447d09a0ebe4221 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_propagator.py:6
from opentelemetry.baggage.propagation import W3CBaggagePropagator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1fa2877d4845e9ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_propagator.py:7
from opentelemetry.propagate import set_global_textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1f164a62578769b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_propagator.py:8
from opentelemetry.propagators.composite import CompositePropagator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a5b8688bfb391ff6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_propagator.py:9
from opentelemetry.propagators.textmap import TextMapPropagator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b3cc725bb18aab75 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_propagator.py:10
from opentelemetry.sdk._configuration._common import load_entry_point

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e64733a8ff9d3eb0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_propagator.py:11
from opentelemetry.sdk._configuration.models import (
    Propagator as PropagatorConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97e96405dc2eab78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_propagator.py:14
from opentelemetry.sdk._configuration.models import (
    TextMapPropagator as TextMapPropagatorConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5ba59e2e28a98c86 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_propagator.py:17
from opentelemetry.trace.propagation.tracecontext import (
    TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e9da73260291c7fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_resource.py:14
from opentelemetry.sdk._configuration._common import load_entry_point

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6172d813eda94443 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_resource.py:15
from opentelemetry.sdk._configuration.models import (
    AttributeNameValue,
    AttributeType,
    ExperimentalResourceDetector,
    IncludeExclude,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #da1d72e8db94fa97 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_resource.py:21
from opentelemetry.sdk._configuration.models import Resource as ResourceConfig

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e20361c38c1e0fa0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_resource.py:22
from opentelemetry.sdk.resources import (
    _DEFAULT_RESOURCE,
    OTEL_SERVICE_NAME,
    SERVICE_NAME,
    ProcessResourceDetector,
    Resource,
    ServiceInstanceIdResourceDetector,
    _HostResourceDetector,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d8dc42519ee7deb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_resource.py:31
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7c0d666772cca322 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_sdk.py:15
from opentelemetry.sdk._configuration._logger_provider import (
    configure_logger_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36ddaab13c161c34 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_sdk.py:18
from opentelemetry.sdk._configuration._meter_provider import (
    configure_meter_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dc0027575db948d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_sdk.py:21
from opentelemetry.sdk._configuration._propagator import configure_propagator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fd7f27327b2c62ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_sdk.py:22
from opentelemetry.sdk._configuration._resource import create_resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a89960166fe9f7d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_sdk.py:23
from opentelemetry.sdk._configuration._tracer_provider import (
    configure_tracer_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #050369f1887f79c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_sdk.py:26
from opentelemetry.sdk._configuration.models import OpenTelemetryConfiguration

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d1acca4a6a24132 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:8
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2bb08f0b34d4ff31 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:9
from opentelemetry.sdk._configuration._common import (
    _map_compression,
    _parse_headers,
    load_entry_point,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1498be6c5445f010 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:14
from opentelemetry.sdk._configuration._exceptions import ConfigurationError

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36da99802181825c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:15
from opentelemetry.sdk._configuration.models import (
    ExperimentalComposableRuleBasedSampler as RuleBasedSamplerConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a277919e34206c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:18
from opentelemetry.sdk._configuration.models import (
    ExperimentalComposableRuleBasedSamplerRule as RuleBasedSamplerRuleConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d44e76a25b01b659 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:21
from opentelemetry.sdk._configuration.models import (
    ExperimentalComposableSampler as ComposableSamplerConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cbee547f91e892bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:24
from opentelemetry.sdk._configuration.models import (
    OtlpGrpcExporter as OtlpGrpcExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3be360b64d99a508 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:27
from opentelemetry.sdk._configuration.models import (
    OtlpHttpExporter as OtlpHttpExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #54992fe63ff07dc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:30
from opentelemetry.sdk._configuration.models import (
    ParentBasedSampler as ParentBasedSamplerConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #59cf5a4b8ee9a5f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:33
from opentelemetry.sdk._configuration.models import (
    Sampler as SamplerConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0242b22a0f24c6ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:36
from opentelemetry.sdk._configuration.models import (
    SpanExporter as SpanExporterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #207aa252e835a472 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:39
from opentelemetry.sdk._configuration.models import (
    SpanLimits as SpanLimitsConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6bba93e3881c7eb0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:42
from opentelemetry.sdk._configuration.models import (
    SpanProcessor as SpanProcessorConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3afe80de2e5ca523 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:45
from opentelemetry.sdk._configuration.models import (
    TracerProvider as TracerProviderConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #82b2ec3737e436b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:48
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d517edd05863fb41 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:49
from opentelemetry.sdk.trace import (
    _DEFAULT_OTEL_EVENT_ATTRIBUTE_COUNT_LIMIT,
    _DEFAULT_OTEL_LINK_ATTRIBUTE_COUNT_LIMIT,
    _DEFAULT_OTEL_SPAN_ATTRIBUTE_COUNT_LIMIT,
    _DEFAULT_OTEL_SPAN_EVENT_COUNT_LIMIT,
    _DEFAULT_OTEL_SPAN_LINK_COUNT_LIMIT,
    SpanLimits,
    TracerProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a01e86635b6677b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:58
from opentelemetry.sdk.trace._sampling_experimental import (
    ComposableSampler,
    composable_always_off,
    composable_always_on,
    composable_parent_threshold,
    composable_rule_based,
    composable_traceid_ratio_based,
    composite_sampler,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1e86a83ce85cbb54 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:67
from opentelemetry.sdk.trace._sampling_experimental._rule_based import (
    AllPredicate,
    AlwaysMatchPredicate,
    AttributePatternsPredicate,
    AttributeValuesPredicate,
    ParentPredicate,
    PredicateT,
    RulesT,
    SpanKindPredicate,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3aeb9020214fae09 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:77
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    ConsoleSpanExporter,
    SimpleSpanProcessor,
    SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bca3adefc09c3e98 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:83
from opentelemetry.sdk.trace.sampling import (
    ALWAYS_OFF,
    ALWAYS_ON,
    ParentBased,
    Sampler,
    TraceIdRatioBased,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #04699116fab27a7f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:90
from opentelemetry.trace import SpanKind as TraceSpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1c129ed55164e379 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:104
        from opentelemetry.exporter.otlp.proto.http import (  # type: ignore[import-untyped]  # noqa: PLC0415
            Compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fb4a020585bc0139 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:107
        from opentelemetry.exporter.otlp.proto.http.trace_exporter import (  # type: ignore[import-untyped]  # noqa: PLC0415
            OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #de4a592cd99f7c26 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_tracer_provider.py:138
        from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (  # type: ignore[import-untyped]  # noqa: PLC0415
            OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #28c16785643534a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/__init__.py:16
from opentelemetry.sdk._configuration._exceptions import ConfigurationError

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b2318e9443af18d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/__init__.py:17
from opentelemetry.sdk._configuration._logger_provider import (
    configure_logger_provider,
    create_logger_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec8eebd91a63b121 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/__init__.py:21
from opentelemetry.sdk._configuration._meter_provider import (
    configure_meter_provider,
    create_meter_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #287c31a30fb51951 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/__init__.py:25
from opentelemetry.sdk._configuration._propagator import (
    configure_propagator,
    create_propagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fc54047b144af06b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/__init__.py:29
from opentelemetry.sdk._configuration._resource import create_resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0448b29cb51e2686 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/__init__.py:30
from opentelemetry.sdk._configuration._sdk import configure_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ceee6ce3d43392ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/__init__.py:31
from opentelemetry.sdk._configuration._tracer_provider import (
    configure_tracer_provider,
    create_tracer_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5dcbbb6e1509c4e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/__init__.py:35
from opentelemetry.sdk._configuration.file._env_substitution import (
    EnvSubstitutionError,
    substitute_env_vars,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #098f4fd2eec50a1a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/__init__.py:39
from opentelemetry.sdk._configuration.file._loader import load_config_file

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f002b2cba9df3e8d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/_loader.py:13
from opentelemetry.sdk._configuration._conversion import _dict_to_dataclass

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8002834743338cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/_loader.py:14
from opentelemetry.sdk._configuration._exceptions import ConfigurationError

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f035382acc41a43 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/_loader.py:15
from opentelemetry.sdk._configuration.file._env_substitution import (
    substitute_env_vars,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e57daf95f5440ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/_loader.py:18
from opentelemetry.sdk._configuration.models import OpenTelemetryConfiguration

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7b2b3a08a0b528d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/models.py:11
from opentelemetry.sdk._configuration._common import _additional_properties

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f79b09ec66c5bfd6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_events/__init__.py:9
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ad53cf740c578891 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_events/__init__.py:10
from opentelemetry._events import Event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #efd9d15bdd98e08e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_events/__init__.py:11
from opentelemetry._events import EventLogger as APIEventLogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #30db69f4a3242b02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_events/__init__.py:12
from opentelemetry._events import EventLoggerProvider as APIEventLoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2724fb493ddd8928 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_events/__init__.py:13
from opentelemetry._logs import (
    LogRecord,
    NoOpLogger,
    SeverityNumber,
    get_logger_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4cebec8b0041b82d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_events/__init__.py:19
from opentelemetry.sdk._logs import Logger, LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #93d1c55e948956a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_events/__init__.py:20
from opentelemetry.util.types import _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1119c589fe08374b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/__init__.py:4
from opentelemetry.sdk._logs._internal import (
    LogDroppedAttributesWarning,
    Logger,
    LoggerProvider,
    LoggingHandler,
    LogLimits,
    LogRecordDroppedAttributesWarning,
    LogRecordLimits,
    LogRecordProcessor,
    ReadableLogRecord,
    ReadWriteLogRecord,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8432b972411b8ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:28
from opentelemetry._logs import Logger as APILogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1af36ac7f98f2f40 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:29
from opentelemetry._logs import LoggerProvider as APILoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7da0b4eef96f3f9e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:30
from opentelemetry._logs import (
    LogRecord,
    NoOpLogger,
    SeverityNumber,
    get_logger,
    get_logger_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5eb64dc3fb421c54 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:37
from opentelemetry.attributes import _VALID_ANY_VALUE_TYPES, BoundedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2637b3289d7080b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:38
from opentelemetry.context import get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dca32a2c951788d8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:39
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c8767e4b3b2850e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:40
from opentelemetry.metrics import MeterProvider, get_meter_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2ce4500abc3fdae2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:41
from opentelemetry.sdk._logs._internal._exceptions import (
    _copy_log_record_with_exception,
    _create_log_record_with_exception,
    _set_log_record_exception_attributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #57bdb16f97640af7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:46
from opentelemetry.sdk._logs._internal._logger_metrics import (
    LoggerMetricsT,
    create_logger_metrics,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9032823e561a4f76 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:50
from opentelemetry.sdk.environment_variables import (
    OTEL_ATTRIBUTE_COUNT_LIMIT,
    OTEL_ATTRIBUTE_VALUE_LENGTH_LIMIT,
    OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED,
    OTEL_SDK_DISABLED,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #582472b42d528ed2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:56
from opentelemetry.sdk.environment_variables._internal import (
    parse_boolean_environment_variable,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #980d65bc2bb386ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:59
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #51cdea4df2af9c70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:60
from opentelemetry.sdk.util import ns_to_iso_str

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #52d39bba7655236b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:61
from opentelemetry.sdk.util._configurator import RuleBasedConfigurator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #474c45244d43698b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:62
from opentelemetry.sdk.util.instrumentation import (
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #90d329bba3084fd1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:65
from opentelemetry.semconv._incubating.attributes import code_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cad8744b7affb7e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:66
from opentelemetry.semconv.attributes import exception_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #87103dbddde86150 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:67
from opentelemetry.trace import (
    format_span_id,
    format_trace_id,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #40710c0c467690e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:71
from opentelemetry.util.types import AnyValue, _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e807ac31a9b3017 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/_exceptions.py:7
from opentelemetry._logs import LogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #77a02cb65aff6b60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/_exceptions.py:8
from opentelemetry.attributes import BoundedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5626d24e3ab5b541 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/_exceptions.py:9
from opentelemetry.semconv.attributes import exception_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fdbdacc4ff69745a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/_exceptions.py:10
from opentelemetry.util.types import AnyValue, _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cd215d05abef5f68 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/_logger_metrics.py:6
from opentelemetry import metrics as metrics_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9bd947e2ddefb2f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/_logger_metrics.py:7
from opentelemetry.semconv._incubating.metrics.otel_metrics import (
    create_otel_sdk_log_created,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #102b5bb213bac6be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:15
from opentelemetry.context import (
    _ON_EMIT_RECURSION_COUNT_KEY,
    _SUPPRESS_INSTRUMENTATION_KEY,
    attach,
    detach,
    get_value,
    set_value,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #31319b80b7fa0e11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:23
from opentelemetry.metrics import MeterProvider, get_meter_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca28c9875dffe5e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:24
from opentelemetry.sdk._logs import (
    LogRecordProcessor,
    ReadableLogRecord,
    ReadWriteLogRecord,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b88eca34953f2afb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:29
from opentelemetry.sdk._shared_internal import (
    BatchProcessor,
    DuplicateFilter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #40ad6d947e26010b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:33
from opentelemetry.sdk._shared_internal._processor_metrics import (
    create_processor_metrics,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cb6c6b1b9acafbf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:36
from opentelemetry.sdk.environment_variables import (
    OTEL_BLRP_EXPORT_TIMEOUT,
    OTEL_BLRP_MAX_EXPORT_BATCH_SIZE,
    OTEL_BLRP_MAX_QUEUE_SIZE,
    OTEL_BLRP_SCHEDULE_DELAY,
    OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #690ba1f07cf68044 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:43
from opentelemetry.sdk.environment_variables._internal import (
    parse_boolean_environment_variable,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a0fcc8cfaf51745a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:46
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0367b33b7ff09ef5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:47
from opentelemetry.semconv._incubating.attributes.otel_attributes import (
    OtelComponentTypeValues,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e788cfdcc1bd5762 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/in_memory_log_exporter.py:9
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4700d8159fe3af04 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/in_memory_log_exporter.py:10
from opentelemetry.sdk._logs.export import (
    LogRecordExporter,
    LogRecordExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf51019245321147 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/export/__init__.py:4
from opentelemetry.sdk._logs._internal.export import (
    BatchLogRecordProcessor,
    ConsoleLogExporter,
    ConsoleLogRecordExporter,
    LogExporter,
    LogExportResult,
    LogRecordExporter,
    LogRecordExportResult,
    SimpleLogRecordProcessor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b5aeb79c93f1c9b7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/export/__init__.py:16
from opentelemetry.sdk._logs._internal.export.in_memory_log_exporter import (
    InMemoryLogExporter,
    InMemoryLogRecordExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a43a43d188b7c595 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_shared_internal/__init__.py:21
from opentelemetry.context import (
    _SUPPRESS_INSTRUMENTATION_KEY,
    attach,
    detach,
    set_value,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ff270626fdb4410d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_shared_internal/__init__.py:27
from opentelemetry.sdk._shared_internal._processor_metrics import (
    ProcessorMetricsT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d982bfb66a334c4a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_shared_internal/__init__.py:30
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a4093b9a11af0fa2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_shared_internal/_processor_metrics.py:10
from opentelemetry.metrics import CallbackOptions, MeterProvider, Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #02e2fe7b26c829a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_shared_internal/_processor_metrics.py:11
from opentelemetry.semconv._incubating.attributes.otel_attributes import (
    OTEL_COMPONENT_NAME,
    OTEL_COMPONENT_TYPE,
    OtelComponentTypeValues,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21b39d28a78efd2b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_shared_internal/_processor_metrics.py:16
from opentelemetry.semconv._incubating.metrics.otel_metrics import (
    OTEL_SDK_PROCESSOR_LOG_QUEUE_SIZE,
    OTEL_SDK_PROCESSOR_SPAN_QUEUE_SIZE,
    create_otel_sdk_processor_log_processed,
    create_otel_sdk_processor_log_queue_capacity,
    create_otel_sdk_processor_span_processed,
    create_otel_sdk_processor_span_queue_capacity,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b32ef76164e3bc01 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/_shared_internal/_processor_metrics.py:24
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f502e975ee548b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/error_handler/__init__.py:54
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7aade2391be0d075 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/__init__.py:5
from opentelemetry.sdk.metrics import export, view

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e395baf77f1485a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/__init__.py:6
from opentelemetry.sdk.metrics._internal import Meter, MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e422ad7d1ddc1b69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/__init__.py:7
from opentelemetry.sdk.metrics._internal.exceptions import MetricsTimeoutError

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e0973872d40a457 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/__init__.py:8
from opentelemetry.sdk.metrics._internal.exemplar import (
    AlignedHistogramBucketExemplarReservoir,
    AlwaysOffExemplarFilter,
    AlwaysOnExemplarFilter,
    Exemplar,
    ExemplarFilter,
    ExemplarReservoir,
    SimpleFixedSizeExemplarReservoir,
    TraceBasedExemplarFilter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cc583869356da55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/__init__.py:18
from opentelemetry.sdk.metrics._internal.instrument import (
    Counter,
    Histogram,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    UpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f657aa461799816e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/__init__.py:26
from opentelemetry.sdk.metrics._internal.instrument import Gauge as _Gauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #906c0cd723ab2fc6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:14
import opentelemetry.sdk.metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e652f75ef45ad5c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:15
from opentelemetry.metrics import Counter as APICounter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #75cfccb430c99963 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:16
from opentelemetry.metrics import Histogram as APIHistogram

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #12841c7fc0c62df0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:17
from opentelemetry.metrics import Meter as APIMeter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #03c9f360ab24f0d8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:18
from opentelemetry.metrics import MeterProvider as APIMeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6fc3b9ef296dfa51 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:19
from opentelemetry.metrics import NoOpMeter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #51605e1b41fa401d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:20
from opentelemetry.metrics import ObservableCounter as APIObservableCounter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9ceccd346d8c1b58 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:21
from opentelemetry.metrics import ObservableGauge as APIObservableGauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d749462bfb7c77b7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:22
from opentelemetry.metrics import (
    ObservableUpDownCounter as APIObservableUpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b68127bf80c43945 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:25
from opentelemetry.metrics import UpDownCounter as APIUpDownCounter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7c9db9aa276c584e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:26
from opentelemetry.metrics import _Gauge as APIGauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a53c0e2ae6b0189b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:27
from opentelemetry.sdk.environment_variables import (
    OTEL_METRICS_EXEMPLAR_FILTER,
    OTEL_SDK_DISABLED,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4d4eb8012c9b7df5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:31
from opentelemetry.sdk.metrics._internal.exceptions import MetricsTimeoutError

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e7d9a49e887ee65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:32
from opentelemetry.sdk.metrics._internal.exemplar import (
    AlwaysOffExemplarFilter,
    AlwaysOnExemplarFilter,
    ExemplarFilter,
    TraceBasedExemplarFilter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6a8328300ad5585d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:38
from opentelemetry.sdk.metrics._internal.instrument import (
    _Counter,
    _Gauge,
    _Histogram,
    _ObservableCounter,
    _ObservableGauge,
    _ObservableUpDownCounter,
    _UpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ac53a3f69feca0a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:47
from opentelemetry.sdk.metrics._internal.measurement_consumer import (
    MeasurementConsumer,
    SynchronousMeasurementConsumer,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6dda7d31aa977a92 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:51
from opentelemetry.sdk.metrics._internal.sdk_configuration import (
    SdkConfiguration,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7ded03e856f8dad3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:54
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f20b617a25ccb4f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:55
from opentelemetry.sdk.util._configurator import RuleBasedConfigurator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c571dda0f55245c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:56
from opentelemetry.sdk.util.instrumentation import (
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #acb24f719ec50025 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:59
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dc30a14436448a4d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:60
from opentelemetry.util.types import (
    Attributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f6a8508ba49fb6d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/_view_instrument_match.py:11
from opentelemetry.sdk.metrics._internal.aggregation import (
    Aggregation,
    AggregationTemporality,
    DefaultAggregation,
    _Aggregation,
    _SumAggregation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #603027b0044d54a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/_view_instrument_match.py:18
from opentelemetry.sdk.metrics._internal.instrument import _Instrument

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4b374825f8f50d89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/_view_instrument_match.py:19
from opentelemetry.sdk.metrics._internal.measurement import Measurement

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f201ae318351664a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/_view_instrument_match.py:20
from opentelemetry.sdk.metrics._internal.point import DataPointT

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4d737424c2bd21ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/_view_instrument_match.py:21
from opentelemetry.sdk.metrics._internal.view import View

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8ee2703111d853f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:20
from opentelemetry.metrics import (
    Asynchronous,
    Counter,
    Histogram,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    Synchronous,
    UpDownCounter,
    _Gauge,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36cc93187563b2ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:31
from opentelemetry.sdk.metrics._internal.exemplar import (
    Exemplar,
    ExemplarReservoirBuilder,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b57e8e4b2d228133 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:35
from opentelemetry.sdk.metrics._internal.exponential_histogram.buckets import (
    Buckets,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aac4a85f71a72e17 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:38
from opentelemetry.sdk.metrics._internal.exponential_histogram.mapping import (
    Mapping,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2201ffc75734cee6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:41
from opentelemetry.sdk.metrics._internal.exponential_histogram.mapping.exponent_mapping import (
    ExponentMapping,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a1e311d63c193988 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:44
from opentelemetry.sdk.metrics._internal.exponential_histogram.mapping.logarithm_mapping import (
    LogarithmMapping,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6110e37838659833 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:47
from opentelemetry.sdk.metrics._internal.instrument import _Instrument

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bd352a6e604c667c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:48
from opentelemetry.sdk.metrics._internal.measurement import Measurement

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ab6b6ba882509799 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:49
from opentelemetry.sdk.metrics._internal.point import Buckets as BucketsPoint

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a84fbaed139eb391 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:50
from opentelemetry.sdk.metrics._internal.point import (
    ExponentialHistogramDataPoint,
    HistogramDataPoint,
    NumberDataPoint,
    Sum,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #036c0c5123f84f7a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:56
from opentelemetry.sdk.metrics._internal.point import Gauge as GaugePoint

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1b8ee07e60459c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:57
from opentelemetry.sdk.metrics._internal.point import (
    Histogram as HistogramPoint,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #abf6bec807a6fd4d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/aggregation.py:60
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d51efdbad709e56b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exemplar/exemplar.py:6
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #378895b68cb9385b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exemplar/exemplar_filter.py:6
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d46e7510a26536e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exemplar/exemplar_filter.py:7
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8da010560de99960 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exemplar/exemplar_filter.py:8
from opentelemetry.trace.span import INVALID_SPAN

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1eec8f5ec7ec810e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exemplar/exemplar_filter.py:9
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d5b78880c6553a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exemplar/exemplar_reservoir.py:12
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #afc8aff5cbf61d5e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exemplar/exemplar_reservoir.py:13
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #440168e76424bb8c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exemplar/exemplar_reservoir.py:14
from opentelemetry.trace.span import INVALID_SPAN

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1839b68b92d58cd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exemplar/exemplar_reservoir.py:15
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba8163e1a3864a0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exponential_histogram/mapping/exponent_mapping.py:7
from opentelemetry.sdk.metrics._internal.exponential_histogram.mapping import (
    Mapping,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4186d14d74824ccb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exponential_histogram/mapping/exponent_mapping.py:10
from opentelemetry.sdk.metrics._internal.exponential_histogram.mapping.errors import (
    MappingOverflowError,
    MappingUnderflowError,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e4798a867ead2a76 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exponential_histogram/mapping/exponent_mapping.py:14
from opentelemetry.sdk.metrics._internal.exponential_histogram.mapping.ieee_754 import (
    MANTISSA_WIDTH,
    MAX_NORMAL_EXPONENT,
    MIN_NORMAL_EXPONENT,
    MIN_NORMAL_VALUE,
    get_ieee_754_exponent,
    get_ieee_754_mantissa,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d0928c8a15b8de8d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exponential_histogram/mapping/logarithm_mapping.py:7
from opentelemetry.sdk.metrics._internal.exponential_histogram.mapping import (
    Mapping,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f0aa0cf5ac7b8d61 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exponential_histogram/mapping/logarithm_mapping.py:10
from opentelemetry.sdk.metrics._internal.exponential_histogram.mapping.errors import (
    MappingOverflowError,
    MappingUnderflowError,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fe30ed545ff74284 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/exponential_histogram/mapping/logarithm_mapping.py:14
from opentelemetry.sdk.metrics._internal.exponential_histogram.mapping.ieee_754 import (
    MAX_NORMAL_EXPONENT,
    MIN_NORMAL_EXPONENT,
    MIN_NORMAL_VALUE,
    get_ieee_754_exponent,
    get_ieee_754_mantissa,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #64e57deb1e1a711c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:21
import opentelemetry.sdk.metrics._internal

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9c4815ea2decc361 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:22
from opentelemetry.context import (
    _SUPPRESS_INSTRUMENTATION_KEY,
    attach,
    detach,
    set_value,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d842185f1c94e138 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:28
from opentelemetry.metrics import MeterProvider, NoOpMeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #803d8ffca9b4e3b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:29
from opentelemetry.sdk.environment_variables import (
    OTEL_METRIC_EXPORT_INTERVAL,
    OTEL_METRIC_EXPORT_TIMEOUT,
    OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9b60c95afb5f70f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:34
from opentelemetry.sdk.environment_variables._internal import (
    parse_boolean_environment_variable,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c587e93d55259c61 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:37
from opentelemetry.sdk.metrics._internal.aggregation import (
    AggregationTemporality,
    DefaultAggregation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3890514af734f0c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:41
from opentelemetry.sdk.metrics._internal.exceptions import MetricsTimeoutError

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b676039d8c982e7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:42
from opentelemetry.sdk.metrics._internal.instrument import (
    Counter,
    Gauge,
    Histogram,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    UpDownCounter,
    _Counter,
    _Gauge,
    _Histogram,
    _ObservableCounter,
    _ObservableGauge,
    _ObservableUpDownCounter,
    _UpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c03ba93262d543a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:58
from opentelemetry.sdk.metrics._internal.point import MetricsData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9330c5f9b8904a6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:59
from opentelemetry.semconv._incubating.attributes.otel_attributes import (
    OtelComponentTypeValues,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d245eeba9e97e06a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:62
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19f6c3f0be4dfea6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/_metric_reader_metrics.py:7
from opentelemetry.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #465f0029fde8dd01 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/_metric_reader_metrics.py:8
from opentelemetry.semconv._incubating.attributes.otel_attributes import (
    OTEL_COMPONENT_NAME,
    OTEL_COMPONENT_TYPE,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72d84b18b99ff116 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/_metric_reader_metrics.py:12
from opentelemetry.semconv._incubating.metrics.otel_metrics import (
    create_otel_sdk_metric_reader_collection_duration,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d53ce00685f1759c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:18
from opentelemetry.context import Context, get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f79280ba45164e55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:19
from opentelemetry.metrics import Asynchronous, CallbackT, Synchronous

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #55e77d3881ef84ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:20
from opentelemetry.metrics import Counter as APICounter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #717aad8f4e9ba26b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:21
from opentelemetry.metrics import Histogram as APIHistogram

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c40435eaaeefe1c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:22
from opentelemetry.metrics import ObservableCounter as APIObservableCounter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c7e37cb2ee762a84 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:23
from opentelemetry.metrics import ObservableGauge as APIObservableGauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df0ec63d7dbe5092 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:24
from opentelemetry.metrics import (
    ObservableUpDownCounter as APIObservableUpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #05b010cf0d408af7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:27
from opentelemetry.metrics import UpDownCounter as APIUpDownCounter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #854e74122e77e4ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:28
from opentelemetry.metrics import _Gauge as APIGauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #db6362a2ca0903a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:29
from opentelemetry.metrics._internal.instrument import (
    CallbackOptions,
    _MetricsHistogramAdvisory,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dee9843bfd2e5a93 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:33
from opentelemetry.sdk.metrics._internal.measurement import Measurement

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ebad1213e7efbc04 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:36
    from opentelemetry.sdk.metrics._internal import (
        _ProxyMeterConfig,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d608f434c00a6242 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:39
    from opentelemetry.sdk.metrics._internal.measurement_consumer import (
        MeasurementConsumer,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3db8aad614894a9c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/instrument.py:42
    from opentelemetry.sdk.util.instrumentation import InstrumentationScope

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1e539421a9776d3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/measurement.py:9
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8b66cfcf0cc041e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/measurement.py:10
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #71bb99b24d6e3869 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/measurement.py:13
    from opentelemetry.sdk.metrics._internal.instrument import _Instrument

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b0548dde307b95d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/measurement_consumer.py:12
import opentelemetry.sdk.metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9ad6c91a42a1dbb1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/measurement_consumer.py:13
import opentelemetry.sdk.metrics._internal.instrument

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec43537161e9db36 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/measurement_consumer.py:14
from opentelemetry.metrics._internal.instrument import CallbackOptions

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d5e728c74a6e2c30 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/measurement_consumer.py:15
from opentelemetry.sdk.metrics._internal.exceptions import MetricsTimeoutError

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca738a12c2f696b1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/measurement_consumer.py:16
from opentelemetry.sdk.metrics._internal.measurement import Measurement

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #48678c33d35e92bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/measurement_consumer.py:17
from opentelemetry.sdk.metrics._internal.metric_reader_storage import (
    MetricReaderStorage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1c4180c406d62eec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/measurement_consumer.py:20
from opentelemetry.sdk.metrics._internal.point import MetricsData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #14d27833b47a593e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/metric_reader_storage.py:8
from opentelemetry.metrics import (
    Asynchronous,
    Counter,
    ObservableCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21aea448f1a0c345 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/metric_reader_storage.py:13
from opentelemetry.sdk.metrics._internal._view_instrument_match import (
    _ViewInstrumentMatch,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4cf57aaf3c8fe749 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/metric_reader_storage.py:16
from opentelemetry.sdk.metrics._internal.aggregation import (
    Aggregation,
    AggregationTemporality,
    ExplicitBucketHistogramAggregation,
    _DropAggregation,
    _ExplicitBucketHistogramAggregation,
    _ExponentialBucketHistogramAggregation,
    _LastValueAggregation,
    _SumAggregation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6955c4689f3de4b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/metric_reader_storage.py:26
from opentelemetry.sdk.metrics._internal.instrument import _Instrument

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b9d63677e5f55eea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/metric_reader_storage.py:27
from opentelemetry.sdk.metrics._internal.measurement import Measurement

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #25877d6d33b54283 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/metric_reader_storage.py:28
from opentelemetry.sdk.metrics._internal.point import (
    ExponentialHistogram,
    Gauge,
    Histogram,
    Metric,
    MetricsData,
    ResourceMetrics,
    ScopeMetrics,
    Sum,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f25a86c7f4535a10 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/metric_reader_storage.py:38
from opentelemetry.sdk.metrics._internal.sdk_configuration import (
    SdkConfiguration,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6eab5795cc0c3211 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/metric_reader_storage.py:41
from opentelemetry.sdk.metrics._internal.view import View

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d8a91e1f230c170 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/metric_reader_storage.py:42
from opentelemetry.sdk.util.instrumentation import InstrumentationScope

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b3e9290d3b6c402c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/point.py:11
import opentelemetry.sdk.metrics._internal

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #06d7d03f2d3b8934 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/point.py:12
from opentelemetry.sdk.metrics._internal.exemplar import Exemplar

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e900c4dfb679ee4e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/point.py:13
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e25ba84a38ce77bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/point.py:14
from opentelemetry.sdk.util.instrumentation import InstrumentationScope

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e752a96c046a4acd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/point.py:15
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cab5918f4f6d2e85 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/sdk_configuration.py:10
import opentelemetry.sdk.metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9bba3574e0129cc8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/sdk_configuration.py:11
import opentelemetry.sdk.resources

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86cbe002bb18db04 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/view.py:9
from opentelemetry.metrics import Instrument

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d08cb31f3cb2253c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/view.py:10
from opentelemetry.sdk.metrics._internal.aggregation import (
    Aggregation,
    DefaultAggregation,
    _Aggregation,
    _ExplicitBucketHistogramAggregation,
    _ExponentialBucketHistogramAggregation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #777e0d5c3c98b6d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/view.py:17
from opentelemetry.sdk.metrics._internal.exemplar import (
    AlignedHistogramBucketExemplarReservoir,
    ExemplarReservoirBuilder,
    SimpleFixedSizeExemplarReservoir,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86b72396fd0e6118 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/view.py:22
from opentelemetry.sdk.metrics._internal.instrument import _Instrument

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #15d5fd69ef5bb24b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/export/__init__.py:5
from opentelemetry.sdk.metrics._internal.aggregation import (
    AggregationTemporality,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4c3be5969c18a092 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/export/__init__.py:8
from opentelemetry.sdk.metrics._internal.export import (
    ConsoleMetricExporter,
    InMemoryMetricReader,
    MetricExporter,
    MetricExportResult,
    MetricReader,
    PeriodicExportingMetricReader,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #845e3c651502bff8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/export/__init__.py:18
from opentelemetry.sdk.metrics._internal.point import (  # noqa: F401
    Buckets,
    DataPointT,
    DataT,
    ExponentialHistogram,
    ExponentialHistogramDataPoint,
    Gauge,
    Histogram,
    HistogramDataPoint,
    Metric,
    MetricsData,
    NumberDataPoint,
    ResourceMetrics,
    ScopeMetrics,
    Sum,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4084723d27540b0c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/view/__init__.py:4
from opentelemetry.sdk.metrics._internal.aggregation import (
    Aggregation,
    DefaultAggregation,
    DropAggregation,
    ExplicitBucketHistogramAggregation,
    ExponentialBucketHistogramAggregation,
    LastValueAggregation,
    SumAggregation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a0671ddec6ced3a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/view/__init__.py:13
from opentelemetry.sdk.metrics._internal.view import View

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fd4e277651591524 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/resources/__init__.py:67
from opentelemetry.attributes import BoundedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2454cc3011c7b8a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/resources/__init__.py:68
from opentelemetry.sdk.environment_variables import (
    OTEL_EXPERIMENTAL_RESOURCE_DETECTORS,
    OTEL_RESOURCE_ATTRIBUTES,
    OTEL_SERVICE_NAME,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0abc200d5d78763e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/resources/__init__.py:73
from opentelemetry.sdk.version import (
    __version__ as _OPENTELEMETRY_SDK_VERSION,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #79c1634c2ed214cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/resources/__init__.py:76
from opentelemetry.semconv.resource import ResourceAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6ef0a33ebd7df90b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/resources/__init__.py:77
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bb7b7a4b00770b0a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/resources/__init__.py:525
    from opentelemetry.util._importlib_metadata import (  # noqa: PLC0415
        entry_points,  # type: ignore[reportUnknownVariableType]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee820ecea72cb564 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:33
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c5111e6fcdab55aa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:34
from opentelemetry import metrics as metrics_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f10328fad88df15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:35
from opentelemetry import trace as trace_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97ac982fb544dc03 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:36
from opentelemetry.attributes import BoundedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eef95603e2ae62a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:37
from opentelemetry.sdk import util

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36ef7d7f4293d754 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:38
from opentelemetry.sdk.environment_variables import (
    OTEL_ATTRIBUTE_COUNT_LIMIT,
    OTEL_ATTRIBUTE_VALUE_LENGTH_LIMIT,
    OTEL_EVENT_ATTRIBUTE_COUNT_LIMIT,
    OTEL_LINK_ATTRIBUTE_COUNT_LIMIT,
    OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED,
    OTEL_SDK_DISABLED,
    OTEL_SPAN_ATTRIBUTE_COUNT_LIMIT,
    OTEL_SPAN_ATTRIBUTE_VALUE_LENGTH_LIMIT,
    OTEL_SPAN_EVENT_COUNT_LIMIT,
    OTEL_SPAN_LINK_COUNT_LIMIT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b364d8a10fb7a39a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:50
from opentelemetry.sdk.environment_variables._internal import (
    parse_boolean_environment_variable,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f282498207707f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:53
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85ef3dd3a1a2910a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:54
from opentelemetry.sdk.trace import sampling

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d9d3c58868118bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:55
from opentelemetry.sdk.trace._tracer_metrics import create_tracer_metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a14199505f9e2ccc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:56
from opentelemetry.sdk.trace.id_generator import IdGenerator, RandomIdGenerator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84d3f457d210b5dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:57
from opentelemetry.sdk.util import BoundedList

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #de145f943c7dff42 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:58
from opentelemetry.sdk.util._configurator import RuleBasedConfigurator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #22ababea9e7f181f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:59
from opentelemetry.sdk.util.instrumentation import (
    InstrumentationInfo,
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9422e790db7d4f08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:63
from opentelemetry.semconv.attributes.exception_attributes import (
    EXCEPTION_ESCAPED,
    EXCEPTION_MESSAGE,
    EXCEPTION_STACKTRACE,
    EXCEPTION_TYPE,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b122b875f2507877 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:69
from opentelemetry.trace import NoOpTracer, SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f1b85bde847bccd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:70
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4c6644862efa4c35 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:71
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #211a9584900e9d97 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:72
from opentelemetry.util._decorator import _agnosticcontextmanager

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e5530ba8201ff2ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_always_off.py:8
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a8f8e32766f501bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_always_off.py:9
from opentelemetry.trace import Link, SpanKind, TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b30177e74609b3fe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_always_off.py:10
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c552fe409a342a3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_always_on.py:8
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9095a5348602b085 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_always_on.py:9
from opentelemetry.trace import Link, SpanKind, TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #69f8a47754833c0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_always_on.py:10
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1ce7bad213f8b2d3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_composable.py:10
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1385b42ec65d438a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_composable.py:11
from opentelemetry.trace import Link, SpanKind, TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b12abcdcdbbeeea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_composable.py:12
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #98914b822180c517 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_parent_threshold.py:8
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d1332c790a1881c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_parent_threshold.py:9
from opentelemetry.trace import Link, SpanKind, TraceState, get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f9063d0d8caca9d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_parent_threshold.py:10
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f375230e8c97a93c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_rule_based.py:11
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ac7a551519837049 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_rule_based.py:12
from opentelemetry.trace import (
    Link,
    SpanKind,
    TraceState,
    get_current_span,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e29c2c7328a1971b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_rule_based.py:18
from opentelemetry.util.types import AnyValue, Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bc01bd4ed3f4e56c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_sampler.py:8
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5325d73c312d47e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_sampler.py:9
from opentelemetry.sdk.trace.sampling import Decision, Sampler, SamplingResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #22b66a1664a753c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_sampler.py:10
from opentelemetry.trace import Link, SpanKind, TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #83c1965210427cc0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_sampler.py:11
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #92d0fb9784713990 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_trace_state.py:9
from opentelemetry.trace import TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b6cc6e137cc364a4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_traceid_ratio.py:8
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b2011052a2a17049 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_traceid_ratio.py:9
from opentelemetry.trace import Link, SpanKind, TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #39a8a1c125a92cce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_sampling_experimental/_traceid_ratio.py:10
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f9d46b8db714aca1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_tracer_metrics.py:9
from opentelemetry import metrics as metrics_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eac14fd6f44d7491 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_tracer_metrics.py:10
from opentelemetry.sdk.trace.sampling import Decision

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7a3fc52f3312dbb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_tracer_metrics.py:11
from opentelemetry.semconv._incubating.attributes.otel_attributes import (
    OTEL_SPAN_PARENT_ORIGIN,
    OTEL_SPAN_SAMPLING_RESULT,
    OtelSpanSamplingResultValues,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #42acc127cf38dd0a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_tracer_metrics.py:16
from opentelemetry.semconv._incubating.metrics.otel_metrics import (
    create_otel_sdk_span_live,
    create_otel_sdk_span_started,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f79171a5ef4e491b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/_tracer_metrics.py:20
from opentelemetry.trace.span import SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cc6ae82cd5fc9b11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:12
from opentelemetry.context import (
    _SUPPRESS_INSTRUMENTATION_KEY,
    Context,
    attach,
    detach,
    set_value,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3c3aecf6ff816b55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:19
from opentelemetry.metrics import MeterProvider, get_meter_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e9978f8202ad504f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:20
from opentelemetry.sdk._shared_internal import (
    BatchProcessor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4a96eca3ac34b6fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:23
from opentelemetry.sdk._shared_internal._processor_metrics import (
    create_processor_metrics,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #46d6f47a9e0e878d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:26
from opentelemetry.sdk.environment_variables import (
    OTEL_BSP_EXPORT_TIMEOUT,
    OTEL_BSP_MAX_EXPORT_BATCH_SIZE,
    OTEL_BSP_MAX_QUEUE_SIZE,
    OTEL_BSP_SCHEDULE_DELAY,
    OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #75f553f1b39d8d7f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:33
from opentelemetry.sdk.environment_variables._internal import (
    parse_boolean_environment_variable,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ed3ced2897955262 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:36
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d73e80a0fabacbfb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:37
from opentelemetry.semconv._incubating.attributes.otel_attributes import (
    OtelComponentTypeValues,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4a5dd86e868187ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/in_memory_span_exporter.py:7
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c560bee5b857975b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/in_memory_span_exporter.py:8
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9730a1eed4703220 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/id_generator.py:7
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #383b8918960992b1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/sampling.py:135
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7733e3defc5d4558 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/sampling.py:136
from opentelemetry.sdk.environment_variables import (
    OTEL_TRACES_SAMPLER,
    OTEL_TRACES_SAMPLER_ARG,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c52374c62812cc1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/sampling.py:140
from opentelemetry.trace import Link, SpanKind, get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cbf966cadcfe984e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/sampling.py:141
from opentelemetry.trace.span import TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e176c1a0794814e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/sampling.py:142
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #73edc4cc59ab1828 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/util/__init__.pyi:28
from opentelemetry.util.types import AttributesAsKey, AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #433183b9ac327395 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/util/_configurator.py:6
from opentelemetry.sdk.util.instrumentation import (
    InstrumentationScope,
    _InstrumentationScopePredicateT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #11fd60db1e4b78e3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/util/instrumentation.py:9
from opentelemetry.attributes import BoundedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a8e865e43d7b5a6c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/sdk/util/instrumentation.py:10
from opentelemetry.util.types import (  # TODO: see if we can remove F401 when using new sphinx version # noqa: F401 # pylint: disable=unused-import
    AnyValue,
    Attributes,
    _ExtendedAttributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 48 low-confidence finding(s)
low env_fs dependency Excluded from app score #031504d2d5a14a65 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:154
    return environ.get(OTEL_TRACES_SAMPLER, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e1e838d74b9cb5f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:158
    return environ.get(OTEL_PYTHON_ID_GENERATOR, _DEFAULT_ID_GENERATOR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b660f9fe775ca95 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:162
    return environ.get(OTEL_PYTHON_TRACER_CONFIGURATOR, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04fc5ac75bac933c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:166
    return environ.get(OTEL_PYTHON_METER_CONFIGURATOR, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad863c8e5cb9f2b9 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:170
    return environ.get(OTEL_PYTHON_LOGGER_CONFIGURATOR, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #692084244555c88e Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:184
    otlp_protocol = environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bf6d79a50ba4a6b Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:184
    otlp_protocol = environ.get(
        _PROTOCOL_ENV_BY_SIGNAL_TYPE[signal_type]
    ) or environ.get(OTEL_EXPORTER_OTLP_PROTOCOL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85bf4f3ba4d15590 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:186
    ) or environ.get(OTEL_EXPORTER_OTLP_PROTOCOL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ca6d1f79402e8cc Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:220
    names = environ.get(_EXPORTER_ENV_BY_SIGNAL_TYPE.get(signal_type, ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50dc764c5502c6ad Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:506
                rate = float(os.getenv(OTEL_TRACES_SAMPLER_ARG, ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71ae5f9c2a3af374 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:514
            arg = os.getenv(OTEL_TRACES_SAMPLER_ARG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36ee1101bceb980f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:663
            os.getenv(
                _OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED, "false"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc265f14d39ca55a Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/__init__.py:724
        if config_file := environ.get(OTEL_CONFIG_FILE):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73f108ed036003f9 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/_resource.py:145
    if service_name := os.environ.get(OTEL_SERVICE_NAME):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e7418bd38cbaae6 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/_env_substitution.py:60
        value = os.environ.get(var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b6cfb33f5af2cc3 Filesystem access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/_loader.py:54
            json.loads(schema_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c46bcdae4500909 Filesystem access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_configuration/file/_loader.py:97
        with open(path, encoding="utf-8") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0a308331882d21c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:170
            if env_var not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17070e778e6fc4ea Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:173
            str_value = environ.get(env_var, "").strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb4aba186bba0421 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/__init__.py:800
        disabled = environ.get(OTEL_SDK_DISABLED, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0693e5c3019cfd77 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:338
                environ.get(OTEL_BLRP_MAX_QUEUE_SIZE, _DEFAULT_MAX_QUEUE_SIZE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #145cf92c21d5c115 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:352
                environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285070b99640d8b0 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:352
                environ.get(
                    OTEL_BLRP_SCHEDULE_DELAY, _DEFAULT_SCHEDULE_DELAY_MILLIS
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9379d6cd7fe84eb Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:368
                environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09e9f1be8af729d1 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:368
                environ.get(
                    OTEL_BLRP_MAX_EXPORT_BATCH_SIZE,
                    _DEFAULT_MAX_EXPORT_BATCH_SIZE,
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0df3def3bbfd3e8 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:385
                environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #651db0d2bc539859 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/_logs/_internal/export/__init__.py:385
                environ.get(
                    OTEL_BLRP_EXPORT_TIMEOUT, _DEFAULT_EXPORT_TIMEOUT_MILLIS
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1cc2528471889dc Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/environment_variables/_internal.py:13
    value = environ.get(environment_variable)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39a23f26ed2d4c12 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:489
                    environ.get(OTEL_METRICS_EXEMPLAR_FILTER, "trace_based")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e94401ce0181688 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/__init__.py:500
        disabled = environ.get(OTEL_SDK_DISABLED, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285944b06d89f1cd Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:498
                    environ.get(OTEL_METRIC_EXPORT_INTERVAL, 60000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd784e5e5367c076 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/metrics/_internal/export/__init__.py:508
                    environ.get(OTEL_METRIC_EXPORT_TIMEOUT, 30000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dba4c87fd8c9765c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/resources/__init__.py:300
        env_resources_items = environ.get(OTEL_RESOURCE_ATTRIBUTES)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #365afb7a05f2c509 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/resources/__init__.py:317
        service_name = environ.get(OTEL_SERVICE_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f436e37e8f1240f7 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/resources/__init__.py:511
                for name in environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71dada541067e616 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/resources/__init__.py:511
                for name in environ.get(
                    OTEL_EXPERIMENTAL_RESOURCE_DETECTORS, ""
                ).split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d154d2b4e5f22845 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:735
            if env_var not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #406d6694f42a98b8 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:738
            str_value = environ.get(env_var, "").strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d48f8424c17a2af6 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/__init__.py:1335
        disabled = environ.get(OTEL_SDK_DISABLED, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #004c525e866ef440 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:242
                environ.get(OTEL_BSP_MAX_QUEUE_SIZE, _DEFAULT_MAX_QUEUE_SIZE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd4953cb8bd7c7ff Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:256
                environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6642f7c7c928281 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:256
                environ.get(
                    OTEL_BSP_SCHEDULE_DELAY, _DEFAULT_SCHEDULE_DELAY_MILLIS
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b122936d0f3045a Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:272
                environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fe3b4fdde05e72e Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:272
                environ.get(
                    OTEL_BSP_MAX_EXPORT_BATCH_SIZE,
                    _DEFAULT_MAX_EXPORT_BATCH_SIZE,
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d1ae24e627de1f2 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:289
                environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aea4c7f128d83fb3 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/export/__init__.py:289
                environ.get(
                    OTEL_BSP_EXPORT_TIMEOUT, _DEFAULT_EXPORT_TIMEOUT_MILLIS
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5af2801e2b4ec680 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/sampling.py:421
    trace_sampler = os.getenv(
        OTEL_TRACES_SAMPLER, "parentbased_always_on"
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bef57335d4e8d44 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/sdk/trace/sampling.py:430
            rate = float(os.getenv(OTEL_TRACES_SAMPLER_ARG, ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opentelemetry-api

python dependency
medium telemetry dependency Excluded from app score #b4d094e388f11995 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:13
from opentelemetry._logs import LogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b7de15ed26f9b002 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:14
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6ee3897621674c18 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:15
from opentelemetry.environment_variables import (
    _OTEL_PYTHON_EVENT_LOGGER_PROVIDER,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b0ea48da0013b8bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:18
from opentelemetry.trace.span import TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b4aca2f40a4501bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:19
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ebcd764c8e6b9190 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:20
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f0772bf560d58f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:21
from opentelemetry.util.types import AnyValue, _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3ef083ef499b3b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/__init__.py:25
from opentelemetry._logs._internal import (
    Logger,
    LoggerProvider,
    LogRecord,
    NoOpLogger,
    NoOpLoggerProvider,
    get_logger,
    get_logger_provider,
    set_logger_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #596543726e9f94eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/__init__.py:35
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5c8f1a04f6ed727b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:35
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f28b09a5a3b16353 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:36
from opentelemetry.context import get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce67fb5510e97b78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:37
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #70858078cfbcdb81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:38
from opentelemetry.environment_variables import _OTEL_PYTHON_LOGGER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a6df9249fc1a31ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:39
from opentelemetry.trace import get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d308fd5a171c4e4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:40
from opentelemetry.trace.span import TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86573fe669bcaf9d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:41
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b89b77ac8b24a14f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:42
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e4191d7a2ea6e4d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:43
from opentelemetry.util.types import AnyValue, _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #10ffcd880917f460 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/attributes/__init__.py:10
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36ee96dcdedd4277 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:9
from opentelemetry.context import create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e9d668004be468e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:10
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e5dd563d10a47c25 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:11
from opentelemetry.util.re import (
    _BAGGAGE_PROPERTY_FORMAT,
    _KEY_FORMAT,
    _VALUE_FORMAT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a62e07908bed6fcd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:9
from opentelemetry.baggage import _is_valid_pair, get_all, set_baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #71c285d0d70a8cfa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:10
from opentelemetry.context import get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #724894157b9a2927 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:11
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa8a02093eca0455 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:12
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cab66155b941e95c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:13
from opentelemetry.util.re import _DELIMITER_PATTERN

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c0ac743cbc1e21b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:12
from opentelemetry.context.context import Context, _RuntimeContext  # noqa

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d88673cf55c2c45b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:13
from opentelemetry.context.contextvars_context import ContextVarsRuntimeContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b89344e26a053a2c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:14
from opentelemetry.environment_variables import OTEL_PYTHON_CONTEXT

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f06ea7ec3d0cecd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:30
    from opentelemetry.util._importlib_metadata import (  # noqa: PLC0415
        entry_points,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4e3bffce3c17f0bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/contextvars_context.py:8
from opentelemetry.context.context import Context, _RuntimeContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2345ed299a68dfbf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:31
from opentelemetry.metrics._internal import (
    Meter,
    MeterProvider,
    NoOpMeter,
    NoOpMeterProvider,
    get_meter,
    get_meter_provider,
    set_meter_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a480cdcdda096145 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:40
from opentelemetry.metrics._internal.instrument import (
    Asynchronous,
    CallbackOptions,
    CallbackT,
    Counter,
    Histogram,
    Instrument,
    NoOpCounter,
    NoOpHistogram,
    NoOpObservableCounter,
    NoOpObservableGauge,
    NoOpObservableUpDownCounter,
    NoOpUpDownCounter,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    Synchronous,
    UpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a677e5e78b108d45 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:59
from opentelemetry.metrics._internal.instrument import Gauge as _Gauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #51454624758a25e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:60
from opentelemetry.metrics._internal.instrument import NoOpGauge as _NoOpGauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5bf9b5401a6c702d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:61
from opentelemetry.metrics._internal.observation import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4bda7b3506df1050 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:41
from opentelemetry.environment_variables import OTEL_PYTHON_METER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d94f84a54751bffb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:42
from opentelemetry.metrics._internal.instrument import (
    CallbackT,
    Counter,
    Gauge,
    Histogram,
    NoOpCounter,
    NoOpGauge,
    NoOpHistogram,
    NoOpObservableCounter,
    NoOpObservableGauge,
    NoOpObservableUpDownCounter,
    NoOpUpDownCounter,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    UpDownCounter,
    _MetricsHistogramAdvisory,
    _ProxyCounter,
    _ProxyGauge,
    _ProxyHistogram,
    _ProxyObservableCounter,
    _ProxyObservableGauge,
    _ProxyObservableUpDownCounter,
    _ProxyUpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8ae60264f0ff357 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:67
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #31edb6df47074c9e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:68
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9ba4f12fa8782f69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:69
from opentelemetry.util.types import (
    Attributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a726b8f675f8a3bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:18
from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b738eb46e0c420d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:19
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eb03068d17390074 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:20
from opentelemetry.metrics._internal.observation import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ade7db1f0f2da29a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:21
from opentelemetry.util.types import (
    Attributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #57866ba275f110dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/observation.py:5
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f8dd762a01caccf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/observation.py:6
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f457c2d8a2771489 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:63
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #22050d23511c1f05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:64
from opentelemetry.environment_variables import OTEL_PROPAGATORS

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8be358c0504a787 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:65
from opentelemetry.propagators import composite, textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dbafd6d17315fe44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:115
        from opentelemetry.baggage.propagation import (  # noqa: PLC0415
            W3CBaggagePropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d47fac19bec4083 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:120
        from opentelemetry.trace.propagation.tracecontext import (  # noqa: PLC0415
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7860d2eec47cdb8e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:129
    from opentelemetry.util._importlib_metadata import (  # noqa: PLC0415
        entry_points,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c7d6e688578457af Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/_envcarrier.py:8
from opentelemetry.propagators.textmap import Getter, Setter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #37836d0af0dd28ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/composite.py:8
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b7bd4c50ba10a1ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/composite.py:9
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3a9bc3b1b16fec79 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/textmap.py:8
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c2289bf421e98fd5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:74
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d58232831b7cc31f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:75
from opentelemetry.attributes import BoundedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6c0b1fa9d5473c1e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:76
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7f3fc751dfea330c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:77
from opentelemetry.environment_variables import OTEL_PYTHON_TRACER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3a1a84b1a34854cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:78
from opentelemetry.trace.propagation import (
    _SPAN_KEY,
    get_current_span,
    set_span_in_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #562fb8c4ada3f7b7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:83
from opentelemetry.trace.span import (
    DEFAULT_TRACE_OPTIONS,
    DEFAULT_TRACE_STATE,
    INVALID_SPAN,
    INVALID_SPAN_CONTEXT,
    INVALID_SPAN_ID,
    INVALID_TRACE_ID,
    NonRecordingSpan,
    Span,
    SpanContext,
    TraceFlags,
    TraceState,
    format_span_id,
    format_trace_id,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0e19dbcb6ba2450e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:98
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b5555fdf8dfca47 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:99
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19b30aab6c7a54d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:100
from opentelemetry.util._decorator import _agnosticcontextmanager

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0533241effeb0f2f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:101
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f99a8bc3284ff22 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:102
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3cb71950678580d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:4
from opentelemetry.context import create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ed9d67e0c1b7de82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:5
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f82d1264f34897e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:6
from opentelemetry.trace.span import INVALID_SPAN, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9be450ab359bf135 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:6
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #362ea32301c4acd2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:7
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #79056ba9b46cf15f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:8
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f76c65db735503ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:9
from opentelemetry.trace import format_span_id, format_trace_id

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #661341a2a3cccd2c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:10
from opentelemetry.trace.span import TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #605a774c01d182d3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/span.py:14
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4a8e04946e1210cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/span.py:15
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a703cf093402db40 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:9
    from opentelemetry.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa1eefb2bf94c7bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:10
    from opentelemetry.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f0638abf9e067c81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:21
    from opentelemetry.util._importlib_metadata import (  # noqa: PLC0415
        entry_points,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #ff40fbd1b90a47eb Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:202
        if _OTEL_PYTHON_EVENT_LOGGER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e2053a3549bd4c1 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:394
        if _OTEL_PYTHON_LOGGER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da65682a6e5d2a62 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:25
    configured_context = os.environ.get(OTEL_PYTHON_CONTEXT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23b9d9bee1cd20a8 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:868
        if OTEL_PYTHON_METER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #107b735818d6771c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:112
    configured = environ.get(OTEL_PROPAGATORS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9504cf544ed9d1d3 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:167
environ_propagators = environ.get(OTEL_PROPAGATORS, "tracecontext,baggage")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cda27cbdca20a89 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/propagators/_envcarrier.py:50
            k: v for k, v in os.environ.items() if _is_normalized_key(k)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da91b3c1e0a86948 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:573
        if OTEL_PYTHON_TRACER_PROVIDER not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #259dc233ea2ab8ad Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:28
            environ.get(provider_environment_variable, f"default_{provider}"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opentelemetry-exporter-otlp-proto-http

python dependency
medium telemetry dependency Excluded from app score #9ca701ef13f39d2a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_common/__init__.py:9
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_HTTP_CREDENTIAL_PROVIDER,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #13865b51453e34c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_common/__init__.py:12
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #328f66948e539537 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:19
from opentelemetry.exporter.otlp.proto.common._exporter_metrics import (
    create_exporter_metrics,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #116b8353117063e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:22
from opentelemetry.exporter.otlp.proto.common._log_encoder import encode_logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7c14e80faac03d97 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:23
from opentelemetry.exporter.otlp.proto.http import (
    _OTLP_HTTP_HEADERS,
    Compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ebe558354309637f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:27
from opentelemetry.exporter.otlp.proto.http._common import (
    _is_retryable,
    _load_session_from_envvar,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c5a6745c76ac180d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:31
from opentelemetry.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3ec5ed397764c0b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:32
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #74fb7bf0444354a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:33
from opentelemetry.sdk._logs.export import (
    LogRecordExporter,
    LogRecordExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #183ccb002cf90b81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:37
from opentelemetry.sdk._shared_internal import DuplicateFilter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cdf8f7d7278b3cd3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:38
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_HTTP_LOGS_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_COMPRESSION,
    OTEL_EXPORTER_OTLP_ENDPOINT,
    OTEL_EXPORTER_OTLP_HEADERS,
    OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE,
    OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_LOGS_COMPRESSION,
    OTEL_EXPORTER_OTLP_LOGS_ENDPOINT,
    OTEL_EXPORTER_OTLP_LOGS_HEADERS,
    OTEL_EXPORTER_OTLP_LOGS_TIMEOUT,
    OTEL_EXPORTER_OTLP_TIMEOUT,
    OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b71811161d8e5865 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:56
from opentelemetry.semconv._incubating.attributes.otel_attributes import (
    OtelComponentTypeValues,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #305f38e246bab8ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:59
from opentelemetry.semconv.attributes.http_attributes import (
    HTTP_RESPONSE_STATUS_CODE,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #82aa061a15dc96ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:62
from opentelemetry.util.re import parse_env_headers

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d450b07d74c5364c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:25
from opentelemetry.exporter.otlp.proto.common._exporter_metrics import (
    create_exporter_metrics,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72d20fe229f02aae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:28
from opentelemetry.exporter.otlp.proto.common._internal import (
    _get_resource_data,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #be0c68244908abd9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:31
from opentelemetry.exporter.otlp.proto.common._internal.metrics_encoder import (
    OTLPMetricExporterMixin,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #de6b69eb168789c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:34
from opentelemetry.exporter.otlp.proto.common.metrics_encoder import (
    encode_metrics,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e3593de006300db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:37
from opentelemetry.exporter.otlp.proto.http import (
    _OTLP_HTTP_HEADERS,
    Compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd78029341b9e24a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:41
from opentelemetry.exporter.otlp.proto.http._common import (
    _is_retryable,
    _load_session_from_envvar,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9c3e7f6842f59ff3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:45
from opentelemetry.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c19805bf76fb2947 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:46
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2 import (  # noqa: F401
    ExportMetricsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cf914e6119e236e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:49
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    AnyValue,
    ArrayValue,
    InstrumentationScope,
    KeyValue,
    KeyValueList,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec94ed678895739b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:56
from opentelemetry.proto.metrics.v1 import metrics_pb2 as pb2

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #89422a4868ab7456 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:57
from opentelemetry.proto.resource.v1.resource_pb2 import Resource  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d82e744d62a3299 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:58
from opentelemetry.proto.resource.v1.resource_pb2 import (
    Resource as PB2Resource,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #787fc7287e861ae5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:61
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_HTTP_METRICS_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_COMPRESSION,
    OTEL_EXPORTER_OTLP_ENDPOINT,
    OTEL_EXPORTER_OTLP_HEADERS,
    OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE,
    OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_METRICS_COMPRESSION,
    OTEL_EXPORTER_OTLP_METRICS_ENDPOINT,
    OTEL_EXPORTER_OTLP_METRICS_HEADERS,
    OTEL_EXPORTER_OTLP_METRICS_TIMEOUT,
    OTEL_EXPORTER_OTLP_TIMEOUT,
    OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #30dba0b65e46d703 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:79
from opentelemetry.sdk.metrics._internal.aggregation import Aggregation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5a01535fc58f0e6b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:80
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    AggregationTemporality,
    Gauge,
    MetricExporter,
    MetricExportResult,
    MetricsData,
    Sum,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #befb0e01f3484293 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:88
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    Histogram as HistogramType,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #18319a9a162d228f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:91
from opentelemetry.sdk.resources import Resource as SDKResource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce93fc5ee895d22b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:92
from opentelemetry.semconv._incubating.attributes.otel_attributes import (
    OtelComponentTypeValues,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e9cfc3879fe495e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:95
from opentelemetry.semconv.attributes.http_attributes import (
    HTTP_RESPONSE_STATUS_CODE,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #89d7bec5a8536d74 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:98
from opentelemetry.util.re import parse_env_headers

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #07bd35c78131b3e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:19
from opentelemetry.exporter.otlp.proto.common._exporter_metrics import (
    create_exporter_metrics,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #979f336f8dad4a3d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:22
from opentelemetry.exporter.otlp.proto.common.trace_encoder import (
    encode_spans,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #60b6578ca274e623 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:25
from opentelemetry.exporter.otlp.proto.http import (
    _OTLP_HTTP_HEADERS,
    Compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5394716bb1844f7c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:29
from opentelemetry.exporter.otlp.proto.http._common import (
    _is_retryable,
    _load_session_from_envvar,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d024c3bf3145d453 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:33
from opentelemetry.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50257f5ad3ff4931 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:34
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_HTTP_TRACES_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_COMPRESSION,
    OTEL_EXPORTER_OTLP_ENDPOINT,
    OTEL_EXPORTER_OTLP_HEADERS,
    OTEL_EXPORTER_OTLP_TIMEOUT,
    OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE,
    OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_TRACES_COMPRESSION,
    OTEL_EXPORTER_OTLP_TRACES_ENDPOINT,
    OTEL_EXPORTER_OTLP_TRACES_HEADERS,
    OTEL_EXPORTER_OTLP_TRACES_TIMEOUT,
    OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fd812556188106fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:52
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee239d034015bb86 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:53
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85b757ff71fb2498 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:54
from opentelemetry.semconv._incubating.attributes.otel_attributes import (
    OtelComponentTypeValues,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e506402eb1ed801 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:57
from opentelemetry.semconv.attributes.http_attributes import (
    HTTP_RESPONSE_STATUS_CODE,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e14e9e5bf8df0ed7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:60
from opentelemetry.util.re import parse_env_headers

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #761ae8be6ccc1933 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:8
from opentelemetry.proto.collector.trace.v1.trace_service_pb2 import (  # noqa: F401
    ExportTraceServiceRequest as PB2ExportTraceServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cfa586b908652ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:11
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    AnyValue as PB2AnyValue,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b6d49999841d0493 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:14
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    ArrayValue as PB2ArrayValue,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #459fee667afc7e8e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:17
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    InstrumentationScope as PB2InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bae51a01ec9ded1d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:20
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    KeyValue as PB2KeyValue,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c7251522672d97ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:23
from opentelemetry.proto.resource.v1.resource_pb2 import (  # noqa: F401
    Resource as PB2Resource,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #849227d8013c8a2e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:26
from opentelemetry.proto.trace.v1.trace_pb2 import (  # noqa: F401
    ResourceSpans as PB2ResourceSpans,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8139e3819dbc4f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:29
from opentelemetry.proto.trace.v1.trace_pb2 import (  # noqa: F401
    ScopeSpans as PB2ScopeSpans,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #27d7b50d24182354 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:32
from opentelemetry.proto.trace.v1.trace_pb2 import (  # noqa: F401
    Span as PB2SPan,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #769f61c90a0b1ec1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:35
from opentelemetry.proto.trace.v1.trace_pb2 import (  # noqa: F401
    Status as PB2Status,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2bf7b684e8551216 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:38
from opentelemetry.sdk.trace import (
    Event,  # noqa: F401
    Resource,  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d680c0763b2a05da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:42
from opentelemetry.sdk.trace import Span as SDKSpan  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca5844085ddfcb42 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:43
from opentelemetry.sdk.util.instrumentation import (  # noqa: F401
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #48c34b9ab94426d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:46
from opentelemetry.trace import (
    Link,  # noqa: F401
    SpanKind,  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d9f086008b94435 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:50
from opentelemetry.trace.span import (  # noqa: F401
    SpanContext,
    Status,
    TraceState,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43d9f7bb94e67e52 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/encoder/__init__.py:55
from opentelemetry.util.types import Attributes  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 70 low-confidence finding(s)
low env_fs dependency Excluded from app score #b119b2b49710366c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_common/__init__.py:30
    _credential_env = environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e11aeebe564d9a60 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_common/__init__.py:30
    _credential_env = environ.get(
        _OTEL_PYTHON_EXPORTER_OTLP_HTTP_CREDENTIAL_PROVIDER
    ) or environ.get(cred_envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #086857871de35db7 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_common/__init__.py:32
    ) or environ.get(cred_envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c450f87ec49a9d9b Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:91
        self._endpoint = endpoint or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62fd63f54b7a0357 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:91
        self._endpoint = endpoint or environ.get(
            OTEL_EXPORTER_OTLP_LOGS_ENDPOINT,
            _append_logs_path(
                environ.get(OTEL_EXPORTER_OTLP_ENDPOINT, DEFAULT_ENDPOINT)
            ),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b9da390bf7171ec Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:94
                environ.get(OTEL_EXPORTER_OTLP_ENDPOINT, DEFAULT_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b9e46e7eeabf4fe Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:98
        self._certificate_file = certificate_file or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d40dedaedb868e1c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:98
        self._certificate_file = certificate_file or environ.get(
            OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE,
            environ.get(OTEL_EXPORTER_OTLP_CERTIFICATE, True),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb81e5d805fa061e Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:100
            environ.get(OTEL_EXPORTER_OTLP_CERTIFICATE, True),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a62512f886a1ee89 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:102
        self._client_key_file = client_key_file or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c7924b42ce1440c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:102
        self._client_key_file = client_key_file or environ.get(
            OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY,
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_KEY, None),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d7d7884a2b2261e Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:104
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_KEY, None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdff92986fc9eb1c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:106
        self._client_certificate_file = client_certificate_file or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #467366272174fede Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:106
        self._client_certificate_file = client_certificate_file or environ.get(
            OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE,
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE, None),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93f7602248a73bde Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:108
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE, None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b700fa971f8f5ba4 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:115
        headers_string = environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcd053e3955d0f9d Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:115
        headers_string = environ.get(
            OTEL_EXPORTER_OTLP_LOGS_HEADERS,
            environ.get(OTEL_EXPORTER_OTLP_HEADERS, ""),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f7dea0539dafd61 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:117
            environ.get(OTEL_EXPORTER_OTLP_HEADERS, ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec9357c01fbf8911 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:123
            environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35e936183f50aefe Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:123
            environ.get(
                OTEL_EXPORTER_OTLP_LOGS_TIMEOUT,
                environ.get(OTEL_EXPORTER_OTLP_TIMEOUT, DEFAULT_TIMEOUT),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c25eab65e35566d Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:125
                environ.get(OTEL_EXPORTER_OTLP_TIMEOUT, DEFAULT_TIMEOUT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f429b81ad0e7054e Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:151
            os.environ.get(OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e7465842f3ad6f8 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:280
        environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17d668fee2091673 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:280
        environ.get(
            OTEL_EXPORTER_OTLP_LOGS_COMPRESSION,
            environ.get(OTEL_EXPORTER_OTLP_COMPRESSION, "none"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #459e3582fd913163 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/_log_exporter/__init__.py:282
            environ.get(OTEL_EXPORTER_OTLP_COMPRESSION, "none"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97127f7a191636f2 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:150
        self._endpoint = endpoint or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f9d8aa3a6427ce2 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:150
        self._endpoint = endpoint or environ.get(
            OTEL_EXPORTER_OTLP_METRICS_ENDPOINT,
            _append_metrics_path(
                environ.get(OTEL_EXPORTER_OTLP_ENDPOINT, DEFAULT_ENDPOINT)
            ),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd58dd49ed198f53 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:153
                environ.get(OTEL_EXPORTER_OTLP_ENDPOINT, DEFAULT_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d76186b185b18f2 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:156
        self._certificate_file = certificate_file or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f078175d495e9328 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:156
        self._certificate_file = certificate_file or environ.get(
            OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE,
            environ.get(OTEL_EXPORTER_OTLP_CERTIFICATE, True),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #504cf1eeb72e98a8 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:158
            environ.get(OTEL_EXPORTER_OTLP_CERTIFICATE, True),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d771687f2998403 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:160
        self._client_key_file = client_key_file or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff779ab562e702a5 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:160
        self._client_key_file = client_key_file or environ.get(
            OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY,
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_KEY, None),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #905b10bb4bda5fe3 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:162
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_KEY, None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a92b110a7743978 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:164
        self._client_certificate_file = client_certificate_file or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0834e6ba02027ee3 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:164
        self._client_certificate_file = client_certificate_file or environ.get(
            OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE,
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE, None),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33e31a8956dbdacf Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:166
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE, None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e489ce999b554e3d Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:173
        headers_string = environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44086ffbdbfd9231 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:173
        headers_string = environ.get(
            OTEL_EXPORTER_OTLP_METRICS_HEADERS,
            environ.get(OTEL_EXPORTER_OTLP_HEADERS, ""),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bc68e2c18bd1693 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:175
            environ.get(OTEL_EXPORTER_OTLP_HEADERS, ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57b3042277ed20e6 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:181
            environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f4c686fdc1b159c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:181
            environ.get(
                OTEL_EXPORTER_OTLP_METRICS_TIMEOUT,
                environ.get(OTEL_EXPORTER_OTLP_TIMEOUT, DEFAULT_TIMEOUT),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aaffc148f910f79 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:183
                environ.get(OTEL_EXPORTER_OTLP_TIMEOUT, DEFAULT_TIMEOUT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5806a4c219d67071 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:214
            os.environ.get(OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f127688dfd280508 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:400
            os.environ.get(OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e06dfdbd7a106956 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:729
        environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca7ea6893c62c1a6 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:729
        environ.get(
            OTEL_EXPORTER_OTLP_METRICS_COMPRESSION,
            environ.get(OTEL_EXPORTER_OTLP_COMPRESSION, "none"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #883b1716e230e9c3 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/metric_exporter/__init__.py:731
            environ.get(OTEL_EXPORTER_OTLP_COMPRESSION, "none"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #264999ca1dbab02d Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:87
        self._endpoint = endpoint or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54a8f1e13ed50ca6 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:87
        self._endpoint = endpoint or environ.get(
            OTEL_EXPORTER_OTLP_TRACES_ENDPOINT,
            _append_trace_path(
                environ.get(OTEL_EXPORTER_OTLP_ENDPOINT, DEFAULT_ENDPOINT)
            ),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #661c89f73f4d9e90 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:90
                environ.get(OTEL_EXPORTER_OTLP_ENDPOINT, DEFAULT_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81b30d4407ac26c1 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:93
        self._certificate_file = certificate_file or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90b74f062c7caf9d Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:93
        self._certificate_file = certificate_file or environ.get(
            OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE,
            environ.get(OTEL_EXPORTER_OTLP_CERTIFICATE, True),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9944463fcd87489e Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:95
            environ.get(OTEL_EXPORTER_OTLP_CERTIFICATE, True),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #665973155bcb241d Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:97
        self._client_key_file = client_key_file or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2734aaa21dba2636 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:97
        self._client_key_file = client_key_file or environ.get(
            OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY,
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_KEY, None),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fd34ae83401640d Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:99
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_KEY, None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65e02c235a648886 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:101
        self._client_certificate_file = client_certificate_file or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #586e7232b417ddc8 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:101
        self._client_certificate_file = client_certificate_file or environ.get(
            OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE,
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE, None),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a61b9a6a22659c3 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:103
            environ.get(OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE, None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3e00c278c7454dd Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:110
        headers_string = environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #989b412b84aeca40 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:110
        headers_string = environ.get(
            OTEL_EXPORTER_OTLP_TRACES_HEADERS,
            environ.get(OTEL_EXPORTER_OTLP_HEADERS, ""),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0d86a54380b8476 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:112
            environ.get(OTEL_EXPORTER_OTLP_HEADERS, ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cd48881114ae6e7 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:118
            environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #442a1bc89fcb7af6 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:118
            environ.get(
                OTEL_EXPORTER_OTLP_TRACES_TIMEOUT,
                environ.get(OTEL_EXPORTER_OTLP_TIMEOUT, DEFAULT_TIMEOUT),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #957e86c68c3f64e4 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:120
                environ.get(OTEL_EXPORTER_OTLP_TIMEOUT, DEFAULT_TIMEOUT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa5a73eb4544cf0f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:146
            os.environ.get(OTEL_PYTHON_SDK_INTERNAL_METRICS_ENABLED, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97483a3cda5f4617 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:273
        environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e916d6244e1b5555 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:273
        environ.get(
            OTEL_EXPORTER_OTLP_TRACES_COMPRESSION,
            environ.get(OTEL_EXPORTER_OTLP_COMPRESSION, "none"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #627eb5ea4bd58491 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/http/trace_exporter/__init__.py:275
            environ.get(OTEL_EXPORTER_OTLP_COMPRESSION, "none"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

patronus

python dependency
medium telemetry tooling reachable #24752837a014bc1d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/otel_tracing_integration.py:3
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #d11ef2043fd1b5f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/otel_tracing_integration.py:4
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #3368623a19c76d1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/otel_tracing_integration.py:5
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #d6d8e4a5c99147af Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/otel_tracing_integration.py:6
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #ad2d9bd17881c667 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/crewai_weather.py:15
from opentelemetry.instrumentation.threading import ThreadingInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #50b32ff69af300ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/crewai_weather.py:16
from opentelemetry.instrumentation.asyncio import AsyncioInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #1ee5c1ca56cc537a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/langchain_weather.py:28
from opentelemetry.instrumentation.threading import ThreadingInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #7a1e6c68492be5f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/langchain_weather.py:29
from opentelemetry.instrumentation.asyncio import AsyncioInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #61eb454308be136f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/openai_agents_weather.py:14
from opentelemetry.instrumentation.threading import ThreadingInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #93abf1001cf364c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/openai_agents_weather.py:15
from opentelemetry.instrumentation.asyncio import AsyncioInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #25858bec4beeed60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/otel_openai_weather.py:19
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #e45cda7a9485892f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/otel_openai_weather.py:20
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #89e905592046c576 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/otel_openai_weather.py:21
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #069ebb11be9230b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/otel_openai_weather.py:22
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #0dfecc2477a1ea65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/otel_openai_weather.py:23
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #ff369b99f2d8e940 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/otel_openai_weather.py:24
from opentelemetry.semconv.resource import ResourceAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #34f8be473372958a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/otel_openai_weather.py:50
    from opentelemetry.sdk.trace.export import ConsoleSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #3dec0d68ad01a225 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/pydanticai_weather.py:13
from opentelemetry.instrumentation.threading import ThreadingInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #61bad308e4254e09 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/pydanticai_weather.py:14
from opentelemetry.instrumentation.asyncio import AsyncioInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry tooling reachable #27db2a2eae94604f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/examples/patronus_examples/tracking/smolagents_weather.py:15
from opentelemetry.instrumentation.threading import ThreadingInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #64bb04ebfd416b02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/context/__init__.py:12
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #065d000d222df3c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/context/__init__.py:24
    from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #07b7dc14cfff21ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/context/__init__.py:25
    from opentelemetry._logs import LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #09c770d97f1fe040 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/evals/evaluators.py:16
from opentelemetry.trace import get_current_span, SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7652ea44f56daa27 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/init.py:247
            from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e00ea3f14361988 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/integrations/otel.py:8
    from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b284b4ad69e4651b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/integrations/pydantic_ai.py:4
from opentelemetry.sdk._events import EventLoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3c2bfee3dd8cb5ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/decorators.py:7
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #25174cfce73149d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/decorators.py:8
from opentelemetry._logs import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7ad3730fed48af78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/exporters.py:9
from opentelemetry.exporter.otlp.proto.grpc._log_exporter import OTLPLogExporter as OTLPLogExporterGRPC

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b635f5171e2f5c54 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/exporters.py:10
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter as OTLPSpanExporterGRPC

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b260619c5bc3de31 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/exporters.py:11
from opentelemetry.exporter.otlp.proto.http._log_exporter import OTLPLogExporter as OTLPLogExporterHTTP

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b98788c8b76fc344 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/exporters.py:12
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter as OTLPSpanExporterHTTP

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a4c125a43a0824ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/exporters.py:13
from opentelemetry.sdk._logs.export import LogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #de82f9e3a21f1354 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/exporters.py:14
from opentelemetry.sdk.trace.export import SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a1ef9c09a4aac99 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/logger.py:10
from opentelemetry._logs import SeverityNumber, LogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #99d2893f8372bd51 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/logger.py:12
from opentelemetry.sdk._logs import Logger as OTELLogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7343bc6d22d3665 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/logger.py:13
from opentelemetry.sdk._logs import LoggerProvider as OTELLoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b92e3429ccb12262 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/logger.py:14
from opentelemetry.sdk._logs import LoggingHandler as OTeLLoggingHandler

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c70307401b7a00c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/logger.py:15
from opentelemetry.sdk._logs._internal import ConcurrentMultiLogRecordProcessor, SynchronousMultiLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e84f95285dfb705e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/logger.py:16
from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9ba24c3a6083aa9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/logger.py:17
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #37e8f4292d2dae5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/logger.py:18
from opentelemetry.sdk.util.instrumentation import InstrumentationScope

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a99bd04b52c71830 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/logger.py:19
from opentelemetry.trace import get_current_span, SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f61a845ad1003782 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/logger.py:20
from opentelemetry.util.types import Attributes as OTeLAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #11def8d51e9332cd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/tracer.py:6
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dcae622c786cb00a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/tracer.py:9
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d8c51fc9f2fcea0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/tracer.py:10
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e87a2293460cfe0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/tracer.py:11
from opentelemetry.sdk.trace import Span, SpanProcessor, TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e89fe2a1fdb4daa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/patronus/tracing/tracer.py:12
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 11 low-confidence finding(s)
low env_fs tooling reachable #ce31750787dc179e Environment-variable access.
pkgs/python/[email protected]/examples/patronus_examples/otel_tracing_integration.py:16
        endpoint=os.environ.get("OTEL_EXPORTER_OTLP_ENDPOINT"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #924db7e52920fddc Environment-variable access.
pkgs/python/[email protected]/examples/patronus_examples/otel_tracing_integration.py:17
        headers=os.environ.get("OTEL_EXPORTER_OTLP_HEADERS"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8b5e56dc2b59761d Environment-variable access.
pkgs/python/[email protected]/examples/patronus_examples/otel_tracing_integration.py:27
client = Client(api_key=os.environ.get("PATRONUS_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0d709aab32f25dfb Environment-variable access.
pkgs/python/[email protected]/examples/patronus_examples/tracing.py:15
    api_key=os.getenv("PATRONUS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9f062d1cc83afcb5 Environment-variable access.
pkgs/python/[email protected]/examples/patronus_examples/tracking/otel_openai_weather.py:42
if os.environ.get("OTEL_EXPORTER_OTLP_ENDPOINT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9687a01e87151af8 Filesystem access.
pkgs/python/[email protected]/src/patronus/api/api_client.py:428
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fd69116dda71948 Filesystem access.
pkgs/python/[email protected]/src/patronus/api/api_client.py:492
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3465398da144ceea Environment-variable access.
pkgs/python/[email protected]/src/patronus/config.py:21
    otel_service_name = os.getenv("OTEL_SERVICE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #171dfbe8040155dc Environment-variable access.
pkgs/python/[email protected]/src/patronus/tracing/exporters.py:38
    traces_protocol = os.environ.get("OTEL_EXPORTER_OTLP_TRACES_PROTOCOL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed53132a4736c80d Environment-variable access.
pkgs/python/[email protected]/src/patronus/tracing/exporters.py:39
    logs_protocol = os.environ.get("OTEL_EXPORTER_OTLP_LOGS_PROTOCOL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d06a592f6978650c Environment-variable access.
pkgs/python/[email protected]/src/patronus/tracing/exporters.py:40
    general_protocol = os.environ.get("OTEL_EXPORTER_OTLP_PROTOCOL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

daytona

python dependency
medium telemetry dependency Excluded from app score #c08d363bb2b474d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:15
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca7cdb8eea2df920 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:16
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bddf467b5dabc87b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:17
from opentelemetry.instrumentation.aiohttp_client import AioHttpClientInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d4bc9aeb1ca04454 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:18
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #53f69ebe038a3c09 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:19
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e21b1bcefa8fea5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:20
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8130850adffceb7d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:21
from opentelemetry.semconv.attributes import service_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #46f1eb12df155531 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:16
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2ec65088dde3a830 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:17
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #54966ee5d06ecfc4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:18
from opentelemetry.instrumentation.aiohttp_client import AioHttpClientInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f46bff2d8e504c4d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:19
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4fd1bc9b500bf97c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:20
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #52c551471e879f17 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:21
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ab27ee62e3f337e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:22
from opentelemetry.semconv.attributes import service_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f60b4c046a137d43 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_utils/otel_decorator.py:12
from opentelemetry import metrics, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b55aa03873f035cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_utils/otel_decorator.py:13
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #f15475e952b6f894 Filesystem access.
pkgs/python/[email protected]/src/daytona/_async/filesystem.py:947
                    stream = stack.enter_context(open(f.source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #820aad42b87cdb2c Filesystem access.
pkgs/python/[email protected]/src/daytona/_async/filesystem.py:1200
        return stack.enter_context(open(source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5382013f1837ee57 Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/computer_use.py:623
            with open(local_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #348f0c2fe82098be Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/filesystem.py:472
                            writer = open(meta.dst, mode="wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6ac98958a9cbd93 Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/filesystem.py:911
                    stream = stack.enter_context(open(f.source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a363d14bc97cb9ba Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/filesystem.py:1022
        return stack.enter_context(open(source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5427d502d2c07779 Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/object_storage.py:110
            with open(abs_path_str, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e75a49806be81c2c Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/object_storage.py:126
                    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7074d46f7d6d07c Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/env.py:26
        val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6662bae1342d21f6 Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:15
    old_env: MutableMapping[str, str] = deepcopy(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ad2672de6e7c333 Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:16
    os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3531a747a6bee572 Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:18
        os.environ.update(temp_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8971d2aa0c7bf891 Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:22
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf44fc61dbfc6275 Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:23
        os.environ.update(old_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8ed180115800f42 Filesystem access.
pkgs/python/[email protected]/src/daytona/common/image.py:438
        dockerfile = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

couchbase

python dependency
medium telemetry dependency Excluded from app score #91335161e8d1fd06 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/observability/otel_metrics.py:28
    from opentelemetry import metrics as otel_metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #42df5635c03f4794 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/observability/otel_metrics.py:29
    from opentelemetry.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d7ecc816388ae9f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/observability/otel_metrics.py:32
    from opentelemetry import metrics as otel_metrics  # noqa: F811

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8bd25df72ae59dd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/observability/otel_tracing.py:29
    from opentelemetry import trace as otel_trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7aacc60636f3985b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/observability/otel_tracing.py:30
    from opentelemetry.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd7a1024c04817b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/observability/otel_tracing.py:33
    from opentelemetry import trace as otel_trace  # noqa: F811

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #049ae79de08ce7dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/observability/otel_tracing.py:34
    from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6a7a58ae84b9dc7e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/observability/otel_tracing.py:35
    from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2ab7dbdd7823b732 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/observability/otel_tracing.py:36
    from opentelemetry.trace.status import Status as OtelStatus

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #763532e14def1e0a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/observability/otel_tracing.py:37
    from opentelemetry.trace.status import StatusCode as OtelStatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #04e5a8683ca31bec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/couchbase/otel_tracer.py:19
from opentelemetry.trace import (Span,
                                 Tracer,
                                 set_span_in_context)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 30 low-confidence finding(s)
low env_fs dependency Excluded from app score #23a983f5865332df Environment-variable access.
pkgs/python/[email protected]/couchbase/__init__.py:28
        open_ssl_dir = os.getenv('PYCBC_OPENSSL_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7de252fc01dfcbed Environment-variable access.
pkgs/python/[email protected]/couchbase/logic/logging_config.py:162
    log_level = os.getenv('PYCBC_LOG_LEVEL', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc41e21e2adb909c Environment-variable access.
pkgs/python/[email protected]/couchbase/logic/logging_config.py:164
        log_file = os.getenv('PYCBC_LOG_FILE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e894bccb84215297 Environment-variable access.
pkgs/python/[email protected]/couchbase/logic/logging_config.py:166
            enable_console_logging = 0 if os.getenv('PYCBC_ENABLE_CONSOLE', None) is None else 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93e2430dbfde14ff Filesystem access.
pkgs/python/[email protected]/couchbase_version.py:108
    fp = open(VERSION_FILE, "r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c210505c4b64b73d Filesystem access.
pkgs/python/[email protected]/couchbase_version.py:172
    with open(VERSION_FILE, "w") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8795bcb9704ee53 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:36
CMAKE_EXE = os.environ.get('CMAKE_EXE', shutil.which('cmake'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #233509a9b1fbbb22 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:42
CXXCBC_CACHE_DIR = os.environ.get('PYCBC_CXXCBC_CACHE_DIR', os.path.join(PYCBC_ROOT, 'deps', 'couchbase-cxx-cache'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e07c109be081240 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:55
    build_type = os.getenv('PYCBC_BUILD_TYPE', 'Release')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87410bd2ed2e32a7 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:60
            c_flags = os.getenv('CFLAGS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #977513a04d64f8c3 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:61
            cxx_flags = os.getenv('CXXFLAGS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd0617723f0ad781 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:62
            os.environ['CFLAGS'] = f'{c_flags} {debug_flags}'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #488a070c867a9ace Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:63
            os.environ['CXXFLAGS'] = f'{cxx_flags} {debug_flags}'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb2cc01b30c8e1ba Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:64
    os.environ['PYCBC_BUILD_TYPE'] = build_type

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d969837aa28b2377 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:68
    ssl_dir = os.getenv('PYCBC_OPENSSL_DIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #916459bc6b71d7d1 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:73
    pycbc_use_openssl = os.getenv('PYCBC_USE_OPENSSL', 'true').lower() in ENV_TRUE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f2f0b946e7cfdab Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:74
    pycbc_use_opensslv1_1 = os.getenv('PYCBC_USE_OPENSSLV1_1', 'false').lower() in ENV_TRUE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fa2741c09f25eed Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:77
        ssl_version = os.getenv('PYCBC_OPENSSL_VERSION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70e521b45c40794b Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:92
    use_static_stdlib = os.getenv('PYCBC_USE_STATIC_STDLIB', 'false').lower() in ENV_TRUE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e993f08b48fd26b Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:100
    download_mozilla_ca_bundle = os.getenv('PYCBC_DOWNLOAD_MOZILLA_CA_BUNDLE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad5e30c10cf81b3 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:107
    sanitizers = os.getenv('PYCBC_SANITIZERS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a66123f31805ed1 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:112
    if os.getenv('PYCBC_VERBOSE_MAKEFILE', None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c30d89c05a278835 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:115
    pycbc_cmake_system_version = os.getenv('PYCBC_CMAKE_SYSTEM_VERSION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad0598ba7d648749 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:119
    pycbc_tls_key_log_file = os.getenv('PYCBC_TLS_KEY_LOG_FILE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #240fec79adfd00d4 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:124
    os.environ['CMAKE_COMMON_VARIABLES'] = ' '.join(cmake_extra_args)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfacb5589f336a56 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:141
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2936a639e31ceeee Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:154
                os.environ.get('CMAKE_COMMON_VARIABLES', '').split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #476df974080f4dc6 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:258
        set_cpm_cache = os.environ.get('PYCBC_SET_CPM_CACHE', 'true').lower() in ENV_TRUE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af013976db4fea71 Environment-variable access.
pkgs/python/[email protected]/pycbc_build_setup.py:352
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2663840bdfdecbd5 Filesystem access.
pkgs/python/[email protected]/setup.py:82
      long_description=open(PYCBC_README, "r").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chromadb

python dependency
medium telemetry dependency Excluded from app score #d0a0fc32ef5d564a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/execution/executor/distributed.py:22
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97c2912b31661d58 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/proto/utils.py:4
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bfad6edc9f3704ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/server/fastapi/__init__.py:77
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #811e05678eed7f8a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:7
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #27a5cf5752aaf8df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:8
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #67f773c11db5b80f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:9
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #28af1e35ddb85a1d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:10
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e6d2cdda468108ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:13
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43a81765f5f41623 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/fastapi.py:3
from opentelemetry.instrumentation.fastapi import FastAPIInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5c211d0a168c895e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/grpc.py:5
from opentelemetry.trace import StatusCode, SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 54 low-confidence finding(s)
low env_fs dependency Excluded from app score #d019bdf6d7003ffe Environment-variable access.
pkgs/python/[email protected]/chromadb/__init__.py:407
            arg.value = arg.value or os.environ.get(arg.env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e506ffa86f7853e Environment-variable access.
pkgs/python/[email protected]/chromadb/__init__.py:420
    tenant = tenant or os.environ.get("CHROMA_TENANT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb7d3ff897620f3 Environment-variable access.
pkgs/python/[email protected]/chromadb/__init__.py:423
    database = database or os.environ.get("CHROMA_DATABASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cf4e4ce8a4711f7 Filesystem access.
pkgs/python/[email protected]/chromadb/auth/__init__.py:124
            with open(_creds_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #615f52cbce65fc2e Filesystem access.
pkgs/python/[email protected]/chromadb/auth/__init__.py:235
            with open(_config_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #6b4484bf102b78bb Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/cli/cli.py:25
        response = requests.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c76b9eba3da2317f Filesystem access.
pkgs/python/[email protected]/chromadb/cli/utils.py:12
    with open(f"{log_config_path}", "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6013896a15d501f4 Filesystem access.
pkgs/python/[email protected]/chromadb/db/migrations.py:256
    sql = file["path"].read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fc660cafee3bb4b Filesystem access.
pkgs/python/[email protected]/chromadb/segment/impl/vector/local_persistent_hnsw.py:74
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a66af64159159b7a Filesystem access.
pkgs/python/[email protected]/chromadb/segment/impl/vector/local_persistent_hnsw.py:255
        with open(self._get_metadata_file(), "wb") as metadata_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c684ea5e4d83e53f Environment-variable access.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:139
                        {"pod_name": os.environ.get("HOSTNAME")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee85dca323e09828 Environment-variable access.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:155
                        {"pod_name": os.environ.get("HOSTNAME")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc22662cf15e3b88 Filesystem access.
pkgs/python/[email protected]/chromadb/telemetry/product/__init__.py:88
                with open(self.USER_ID_PATH, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7bfd38208f34997 Filesystem access.
pkgs/python/[email protected]/chromadb/telemetry/product/__init__.py:93
                with open(self.USER_ID_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df7f6384a5515e04 Environment-variable access.
pkgs/python/[email protected]/chromadb/telemetry/product/events.py:20
        self.is_cli = os.environ.get("CHROMA_CLI", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab12a33b98c5e2ed Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/baseten_embedding_function.py:39
        if os.getenv("BASETEN_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2687ba55a02f8f69 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/baseten_embedding_function.py:45
        resolved_api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad974f1b0647d29c Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_qwen_embedding_function.py:61
        self.api_key = os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #859d6d153ca1f371 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_splade_embedding_function.py:42
        self.api_key = os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db132cd45b649edf Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cloudflare_workers_ai_embedding_function.py:57
        if os.getenv("CLOUDFLARE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d26308638fbae561 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cloudflare_workers_ai_embedding_function.py:62
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bcbd1af70557900 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cohere_embedding_function.py:46
        if os.getenv("COHERE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #717b899cba2d8142 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cohere_embedding_function.py:51
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55a159b35e1be94e Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:57
        self.api_key = os.getenv(self.api_key_env_var) if self.api_key_env_var else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e7f6955e4b98c85 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:251
        if os.getenv("GOOGLE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9327e867bc95408c Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:256
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6d1c3384394bc00 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:401
        if os.getenv("GOOGLE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13ad4c7aff6725ff Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:406
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91888a38e5c2401a Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:529
        if os.getenv("GOOGLE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfb75baff6a740f3 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:534
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81717113939b0378 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:43
        if os.getenv("HUGGINGFACE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a33edbe2217c260b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:48
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2469f5877161bbb9 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:169
        if os.getenv("HUGGINGFACE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49aa1e29347648be Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:173
            self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8a6e7b47959928b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/jina_embedding_function.py:84
        if os.getenv("JINA_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28b51644d29d784b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/jina_embedding_function.py:89
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7fcb7e858e53584 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/mistral_embedding_function.py:29
        self.api_key = os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #761c9cf393124581 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/morph_embedding_function.py:49
        self.api_key = api_key or os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e488a3536d348b7f Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/nomic_embedding_function.py:50
        self.api_key = os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aadc4149f2f4f51d Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/onnx_mini_lm_l6_v2.py:24
    with open(fname, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e9ecd96b16677e2 Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/onnx_mini_lm_l6_v2.py:109
            with open(fname, "wb") as file, self.tqdm(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a4aa7896505dfd3 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/openai_embedding_function.py:60
        if os.getenv("OPENAI_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0e526acaa4fca7b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/openai_embedding_function.py:65
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87dda12cf6f99fe9 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/perplexity_embedding_function.py:52
        if os.getenv("PERPLEXITY_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7024cfe83b650f7 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/perplexity_embedding_function.py:57
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90764e2514f09a00 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/roboflow_embedding_function.py:48
        if os.getenv("ROBOFLOW_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a155a7ed05e5d307 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/roboflow_embedding_function.py:53
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4de7086d554d658 Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/schemas/registry.py:38
        with open(schema_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #647c71ef08e9b7f2 Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/schemas/schema_utils.py:36
    with open(schema_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cf8358b44b48e8d Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/together_ai_embedding_function.py:52
        if os.getenv("TOGETHER_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76aa62fccc303455 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/together_ai_embedding_function.py:57
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #540b6cb83c3439c1 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/utils.py:11
    return (os.environ.get("CHROMA_EMBED_URL") or DEFAULT_CHROMA_EMBED_URL).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #234b5829fb07c1b3 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/voyageai_embedding_function.py:50
        if os.getenv("VOYAGE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8feb88e1e5df4793 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/voyageai_embedding_function.py:55
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

azure-ai-inference

python dependency
medium telemetry dependency Excluded from app score #8c7b6e2064ff39ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/azure/ai/inference/tracing.py:24
    from opentelemetry.trace import StatusCode, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4aef97974394c965 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/samples/sample_chat_completions_with_azure_monitor_tracing.py:31
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7a1243f332ff92b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/samples/sample_chat_completions_with_azure_monitor_tracing.py:39
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8fd86469c81f7532 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/samples/sample_chat_completions_with_tracing.py:32
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86c47b178066adfc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/samples/sample_chat_completions_with_tracing.py:35
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e13b85e022a555e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/samples/sample_chat_completions_with_tracing.py:36
from opentelemetry.sdk.trace.export import SimpleSpanProcessor, ConsoleSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #39d299476a6ff6ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/samples/sample_chat_completions_with_tracing.py:55
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 93 low-confidence finding(s)
low env_fs dependency Excluded from app score #4e0c726c01aabcde Filesystem access.
pkgs/python/[email protected]/azure/ai/inference/models/_patch.py:320
        with open(image_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #672fd9c0b7c6cdfa Filesystem access.
pkgs/python/[email protected]/azure/ai/inference/models/_patch.py:346
        with open(image_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb8b95daa0cd6a8f Filesystem access.
pkgs/python/[email protected]/azure/ai/inference/models/_patch.py:548
        with open(audio_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e6229007aec5b60 Environment-variable access.
pkgs/python/[email protected]/azure/ai/inference/prompts/_core.py:190
        if variable in os.environ.keys():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #037da60a1db9f223 Environment-variable access.
pkgs/python/[email protected]/azure/ai/inference/prompts/_core.py:191
            return os.environ[variable]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57a5f2483b9a489e Filesystem access.
pkgs/python/[email protected]/azure/ai/inference/prompts/_parsers.py:64
        with open(image_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f365d0c4f78a7fd5 Filesystem access.
pkgs/python/[email protected]/azure/ai/inference/prompts/_tracer.py:306
        with open(trace_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cf19cf2ffd7f3f3 Filesystem access.
pkgs/python/[email protected]/azure/ai/inference/prompts/_utils.py:22
    with open(file_path, "r", encoding=encoding) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e094a3d8f01df0db Environment-variable access.
pkgs/python/[email protected]/azure/ai/inference/tracing.py:147
            var_value = os.environ.get("AZURE_TRACING_GEN_AI_CONTENT_RECORDING_ENABLED")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c99cce0d3c33128b Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_chat_completions_async.py:35
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d59bff70f2ee073c Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_chat_completions_async.py:36
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a50431cb140c25b Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_chat_completions_from_input_bytes_async.py:37
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2e71caef7af634f Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_chat_completions_from_input_bytes_async.py:38
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ce2af14a0bccbe1 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_chat_completions_from_input_dict_async.py:38
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ca214bcf9634318 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_chat_completions_from_input_dict_async.py:39
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5bd8261cdf82421 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_chat_completions_streaming_async.py:36
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ba88af361ecec52 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_chat_completions_streaming_async.py:37
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7b36914e143945e Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_chat_completions_streaming_azure_openai_async.py:38
        endpoint = os.environ["AZURE_OPENAI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1768ebd651c38431 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_chat_completions_streaming_azure_openai_async.py:50
            key = os.environ["AZURE_OPENAI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6394d958e0da05e2 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_embeddings_async.py:34
        endpoint = os.environ["AZURE_AI_EMBEDDINGS_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5990aa1dcea4df74 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_embeddings_async.py:35
        key = os.environ["AZURE_AI_EMBEDDINGS_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c252be8a8f04525 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_image_embeddings_async.py:32
        endpoint = os.environ["AZURE_AI_IMAGE_EMBEDDINGS_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d8b0968d2c9cd3f Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_image_embeddings_async.py:33
        key = os.environ["AZURE_AI_IMAGE_EMBEDDINGS_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f0759657e4499a5 Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_load_client_async.py:30
        endpoint = os.environ["AZURE_AI_EMBEDDINGS_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3cfd8fddcfd765b Environment-variable access.
pkgs/python/[email protected]/samples/async_samples/sample_load_client_async.py:31
        key = os.environ["AZURE_AI_EMBEDDINGS_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e15fe4ded45c7cf Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions.py:31
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b3148aa39c319ef Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions.py:32
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ba05140fc8a089b Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_azure_openai.py:36
        endpoint = os.environ["AZURE_OPENAI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72e8295a1edaf474 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_azure_openai.py:48
            key = os.environ["AZURE_OPENAI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74bcbb2a25de6465 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_bytes.py:37
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edbfbe8c61f37ada Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_bytes.py:38
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31c50d72750deeec Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_dict.py:38
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c03ce3c494176451 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_dict.py:39
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1633992ef388286f Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_dict_with_image_url.py:42
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4bcf48a0a209d62 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_dict_with_image_url.py:43
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5093131f495a18e Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_dict_with_image_url.py:50
        model_deployment = os.environ["AZURE_AI_CHAT_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77652a3c7ec86c47 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_prompt_string.py:36
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08fc8e312a42c917 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_prompt_string.py:37
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f8dd2c971605d73 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_prompty.py:36
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8b12285c144de1c Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_from_input_prompty.py:37
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca236b7d4b5571f7 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_streaming.py:31
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #349133637252ea0a Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_streaming.py:32
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f69127d353ec2c54 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_streaming_with_entra_id_auth.py:31
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a22a78b475d80a6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_streaming_with_entra_id_auth.py:38
        model_deployment = os.environ["AZURE_AI_CHAT_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9d24ebf6d3f9aa1 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_streaming_with_tools.py:45
            endpoint = os.environ["AZURE_OPENAI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1885a156059058e6 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_streaming_with_tools.py:46
            key = os.environ["AZURE_OPENAI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ef7de6d6b81e5ba Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_streaming_with_tools.py:48
            endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6175796dc25f8894 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_streaming_with_tools.py:49
            key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc499879da3b3df4 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_audio_data.py:47
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3650638c101ed63 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_audio_data.py:48
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #617010ccd5aefc92 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_audio_data.py:55
        model_deployment = os.environ["AZURE_AI_CHAT_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9043877b7efcefd2 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_azure_monitor_tracing.py:151
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ed4b58fd9cbef6a Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_azure_monitor_tracing.py:152
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d817e03518b34b3e Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_defaults.py:33
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1793813e02dd5ae7 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_defaults.py:34
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8600c7a45e06ca23 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_entra_id_auth.py:42
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba65ee4f91ea0e48 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_entra_id_auth.py:43
        model_deployment_name = os.environ["AZURE_AI_CHAT_MODEL_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6490f2aa900fef9 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_history.py:32
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4d80f7b3507261c Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_history.py:33
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03ca72faa5827495 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_image_data.py:47
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f2158bc732835e Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_image_data.py:48
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64077948e2ddd049 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_image_data.py:55
        model_deployment = os.environ["AZURE_AI_CHAT_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6b66a5895da0260 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_image_url.py:47
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea83fdbe43586c2b Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_image_url.py:48
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #943058aaf02a8f65 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_image_url.py:55
        model_deployment = os.environ["AZURE_AI_CHAT_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29f85e7a8ec4b307 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_model_extras.py:33
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6df8fbc893902f55 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_model_extras.py:34
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e68227e5ea005b61 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_structured_output.py:54
        endpoint = os.environ["AZURE_OPENAI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6db89218790f4f8f Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_structured_output.py:55
        key = os.environ["AZURE_OPENAI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9f29cfb31e2d424 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_structured_output_pydantic.py:57
        endpoint = os.environ["AZURE_OPENAI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7379f9f67071e6e Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_structured_output_pydantic.py:58
        key = os.environ["AZURE_OPENAI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #676114771371d185 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_tools.py:34
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f93bd8c8dfc4697 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_tools.py:35
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afdb722263bd8803 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_tracing.py:170
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10f3f5b9046ac002 Environment-variable access.
pkgs/python/[email protected]/samples/sample_chat_completions_with_tracing.py:171
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f79b6cb22dd1207 Environment-variable access.
pkgs/python/[email protected]/samples/sample_embeddings.py:32
        endpoint = os.environ["AZURE_AI_EMBEDDINGS_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #060cf02488936919 Environment-variable access.
pkgs/python/[email protected]/samples/sample_embeddings.py:33
        key = os.environ["AZURE_AI_EMBEDDINGS_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad7f6df2f161518c Environment-variable access.
pkgs/python/[email protected]/samples/sample_embeddings_azure_openai.py:36
        endpoint = os.environ["AZURE_OPENAI_EMBEDDINGS_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed9f92a04911ec9a Environment-variable access.
pkgs/python/[email protected]/samples/sample_embeddings_azure_openai.py:48
            key = os.environ["AZURE_OPENAI_EMBEDDINGS_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69ef47cb94c92b77 Environment-variable access.
pkgs/python/[email protected]/samples/sample_embeddings_with_base64_encoding.py:32
        endpoint = os.environ["AZURE_AI_EMBEDDINGS_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #338b5e891be1a195 Environment-variable access.
pkgs/python/[email protected]/samples/sample_embeddings_with_base64_encoding.py:33
        key = os.environ["AZURE_AI_EMBEDDINGS_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #443be76c140b93f4 Environment-variable access.
pkgs/python/[email protected]/samples/sample_embeddings_with_defaults.py:33
        endpoint = os.environ["AZURE_AI_EMBEDDINGS_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9743951de6df5d4 Environment-variable access.
pkgs/python/[email protected]/samples/sample_embeddings_with_defaults.py:34
        key = os.environ["AZURE_AI_EMBEDDINGS_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #188b725ffde61d50 Environment-variable access.
pkgs/python/[email protected]/samples/sample_get_model_info.py:30
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a42332f6b5c1f125 Environment-variable access.
pkgs/python/[email protected]/samples/sample_get_model_info.py:31
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d9fcaf9e2833432 Environment-variable access.
pkgs/python/[email protected]/samples/sample_image_embeddings.py:31
        endpoint = os.environ["AZURE_AI_IMAGE_EMBEDDINGS_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0fc43cf893150a3 Environment-variable access.
pkgs/python/[email protected]/samples/sample_image_embeddings.py:32
        key = os.environ["AZURE_AI_IMAGE_EMBEDDINGS_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #825733668ff72bf5 Environment-variable access.
pkgs/python/[email protected]/samples/sample_image_embeddings_with_defaults.py:33
        endpoint = os.environ["AZURE_AI_IMAGE_EMBEDDINGS_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae25edc425f3c47e Environment-variable access.
pkgs/python/[email protected]/samples/sample_image_embeddings_with_defaults.py:34
        key = os.environ["AZURE_AI_IMAGE_EMBEDDINGS_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3781cab5e0215fff Environment-variable access.
pkgs/python/[email protected]/samples/sample_load_client.py:30
        endpoint = os.environ["AZURE_AI_CHAT_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a8e07b2eb406d12 Environment-variable access.
pkgs/python/[email protected]/samples/sample_load_client.py:31
        key = os.environ["AZURE_AI_CHAT_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d74cb62145f228b4 Filesystem access.
pkgs/python/[email protected]/setup.py:22
with open(os.path.join(package_folder_path, "_version.py"), "r") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #870e7ec43f238efe Filesystem access.
pkgs/python/[email protected]/setup.py:33
    long_description=open("README.md", "r").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

crewai-core

python dependency
medium telemetry dependency Excluded from app score #b0f7195455a19591 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai_core/telemetry.py:22
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6cacaeecd3179e11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai_core/telemetry.py:23
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a066a0a92426b16 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai_core/telemetry.py:24
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d5a2d4facd0715d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai_core/telemetry.py:25
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a048ee1c15256e32 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai_core/telemetry.py:26
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    SpanExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #37771de3ce40b572 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/crewai_core/telemetry.py:30
from opentelemetry.trace import ProxyTracerProvider, Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 21 low-confidence finding(s)
low env_fs dependency Excluded from app score #adc32aec8d9346e1 Environment-variable access.
pkgs/python/[email protected]/src/crewai_core/lock_store.py:33
_REDIS_URL: str | None = os.environ.get("REDIS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #838815fb49b3290a Environment-variable access.
pkgs/python/[email protected]/src/crewai_core/paths.py:13
    return os.environ.get("CREWAI_STORAGE_DIR", Path.cwd().name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #089db4d6fa80096d Environment-variable access.
pkgs/python/[email protected]/src/crewai_core/plus_api.py:168
            os.getenv("CREWAI_PLUS_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b609fc69b444dbe0 Filesystem access.
pkgs/python/[email protected]/src/crewai_core/project.py:26
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e6fb95037300d24 Filesystem access.
pkgs/python/[email protected]/src/crewai_core/project.py:163
        with open(pyproject_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14b6847082c80766 Filesystem access.
pkgs/python/[email protected]/src/crewai_core/settings.py:97
                test_file.write_text("test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17efa337893adbed Environment-variable access.
pkgs/python/[email protected]/src/crewai_core/telemetry.py:125
            os.getenv("OTEL_SDK_DISABLED", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d97137d745951af Environment-variable access.
pkgs/python/[email protected]/src/crewai_core/telemetry.py:126
            or os.getenv("CREWAI_DISABLE_TELEMETRY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1e5687984b1440d Environment-variable access.
pkgs/python/[email protected]/src/crewai_core/telemetry.py:127
            or os.getenv("CREWAI_DISABLE_TRACKING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdd49bb73f250d3d Environment-variable access.
pkgs/python/[email protected]/src/crewai_core/token_manager.py:88
            base_path = os.environ.get("LOCALAPPDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #009611bbe26723a0 Filesystem access.
pkgs/python/[email protected]/src/crewai_core/token_manager.py:150
            with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0592f4e5701c720 Environment-variable access.
pkgs/python/[email protected]/src/crewai_core/tool_credentials.py:24
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f9fce6bc8a4baaa Environment-variable access.
pkgs/python/[email protected]/src/crewai_core/tool_credentials.py:42
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0722ea97a4406fdd Filesystem access.
pkgs/python/[email protected]/src/crewai_core/user_data.py:39
            return cast(dict[str, Any], json.loads(p.read_text()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #529da051d0dae0bd Filesystem access.
pkgs/python/[email protected]/src/crewai_core/user_data.py:49
        p.write_text(json.dumps(data, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cffbafce340b647f Environment-variable access.
pkgs/python/[email protected]/src/crewai_core/user_data.py:86
    if os.getenv("CREWAI_TRACING_ENABLED", "false").lower() in ("true", "1"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #391811bc4608aaf9 Filesystem access.
pkgs/python/[email protected]/src/crewai_core/version.py:117
            cache_data = json.loads(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5033d7ffecd18aa8 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/crewai_core/version.py:125
        with request.urlopen(
            "https://pypi.org/pypi/crewai/json", timeout=timeout
        ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7fcbfe2851a52feb Filesystem access.
pkgs/python/[email protected]/src/crewai_core/version.py:142
            cache_file.write_text(json.dumps(cache_data))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #045232d810a7a096 Filesystem access.
pkgs/python/[email protected]/src/crewai_core/version.py:154
            cache_data = json.loads(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98ed411f1fcc024f Filesystem access.
pkgs/python/[email protected]/src/crewai_core/version.py:168
        cache_data = json.loads(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

a2a-sdk

python dependency
medium telemetry dependency Excluded from app score #e5d2845f7d130a47 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/a2a/utils/telemetry.py:81
    from opentelemetry.trace import (
        SpanKind as SpanKindType,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #35a781353377fda0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/a2a/utils/telemetry.py:90
    from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1c4d9c35ca3e53cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/a2a/utils/telemetry.py:91
    from opentelemetry.trace import (
        SpanKind as _SpanKind,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0dc710697078853d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/a2a/utils/telemetry.py:94
    from opentelemetry.trace import (
        StatusCode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #d0ff24d206ef6a29 Environment-variable access.
pkgs/python/[email protected]/itk/main.py:55
log_level_str = os.environ.get('ITK_LOG_LEVEL', 'INFO').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #772e2d9d6722e638 Environment-variable access.
pkgs/python/[email protected]/src/a2a/a2a_db_cli.py:144
        os.environ['DATABASE_URL'] = db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f897d8fef46505e9 Environment-variable access.
pkgs/python/[email protected]/src/a2a/migrations/env.py:25
db_url = os.getenv('DATABASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #792a4d32d3bd27a4 Environment-variable access.
pkgs/python/[email protected]/src/a2a/utils/telemetry.py:112
env_value = os.getenv(ENABLED_ENV_VAR, 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #150cc398eed17462 Environment-variable access.
pkgs/python/[email protected]/tck/sut_agent.py:145
    http_port = int(os.environ.get('HTTP_PORT', '41241'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #735ec8a468a1d3d5 Environment-variable access.
pkgs/python/[email protected]/tck/sut_agent.py:147
    grpc_port = int(os.environ.get('GRPC_PORT', '50051'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e27443e052a3986f Environment-variable access.
pkgs/python/[email protected]/tck/sut_agent_with_vertex_task_store.py:20
    project = os.environ.get('VERTEX_PROJECT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d86edae0e4ec9852 Environment-variable access.
pkgs/python/[email protected]/tck/sut_agent_with_vertex_task_store.py:21
    location = os.environ.get('VERTEX_LOCATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6a8905fe32a4bf8 Environment-variable access.
pkgs/python/[email protected]/tck/sut_agent_with_vertex_task_store.py:22
    base_url = os.environ.get('VERTEX_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf36202e59edf227 Environment-variable access.
pkgs/python/[email protected]/tck/sut_agent_with_vertex_task_store.py:23
    api_version = os.environ.get('VERTEX_API_VERSION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0230c16909b23ec1 Environment-variable access.
pkgs/python/[email protected]/tck/sut_agent_with_vertex_task_store.py:24
    agent_engine_resource_id = os.environ.get('AGENT_ENGINE_RESOURCE_ID')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

scrapfly-sdk

python dependency
medium telemetry dependency Excluded from app score #cc9262e69c69b963 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/scrapfly/reporter/sentry.py:42
            import sentry_sdk  # noqa: F401  # validate the dependency is present

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bda461b1c1d4eb83 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/scrapfly/reporter/sentry.py:55
        from sentry_sdk import capture_exception, push_scope

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6a40827d9d41f5d3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/scrapfly/reporter/sentry.py:57
        with push_scope() as scope:

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #35b71c598d4b02c5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/scrapfly/reporter/sentry.py:75
                capture_exception(error)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #e970083c1314af76 Filesystem access.
pkgs/python/[email protected]/scrapfly/api_response.py:611
            file = open(file_path, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac056a4e2d6e45a5 Filesystem access.
pkgs/python/[email protected]/scrapfly/client.py:1154
        with open(file_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4177e8a90389c233 Filesystem access.
pkgs/python/[email protected]/scrapfly/client.py:1230
            file = open(file_path, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e728dd2753b8557 Filesystem access.
pkgs/python/[email protected]/scrapfly/client.py:1840
            with open(save_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b381a4e30c7554a1 Filesystem access.
pkgs/python/[email protected]/scrapfly/client.py:1892
        with open(file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ab5bc25fecdef42 Filesystem access.
pkgs/python/[email protected]/scrapfly/crawler/crawler_response.py:502
        with open(filepath, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36ea1c8930aabe3d Environment-variable access.
pkgs/python/[email protected]/scrapfly/scrapy/spider.py:114
        return environ.get('SPIDER_RUN_ID') or str(uuid.uuid4())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ca0e750874b3f1a Filesystem access.
pkgs/python/[email protected]/setup.py:24
txt = (HERE / MODULE / '__init__.py').read_text('utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15c6e93fb36294a8 Filesystem access.
pkgs/python/[email protected]/setup.py:41
    return (HERE / f).read_text('utf-8').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

bedrock-agentcore

python dependency
medium telemetry dependency Excluded from app score #72015a8d76d6f489 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/bedrock_agentcore/runtime/tracing.py:47
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f3a66868780fe80 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/bedrock_agentcore/runtime/tracing.py:83
        from opentelemetry.sdk.trace import SpanProcessor  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #61ed8d54ae7df093 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/bedrock_agentcore/runtime/tracing.py:121
                from opentelemetry import baggage as otel_baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 167 low-confidence finding(s)
low env_fs tooling reachable #c84e1ad0c7996f42 Filesystem access.
pkgs/python/[email protected]/scripts/bump_version.py:11
    content = Path("pyproject.toml").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #71b9e24518eeb2ba Filesystem access.
pkgs/python/[email protected]/scripts/bump_version.py:56
    content = file_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #05442ecf5f48e36b Filesystem access.
pkgs/python/[email protected]/scripts/bump_version.py:67
        file_path.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8b6fafc0242c295c Filesystem access.
pkgs/python/[email protected]/scripts/bump_version.py:76
    content = pyproject.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #43e16dcab4e91ad6 Filesystem access.
pkgs/python/[email protected]/scripts/bump_version.py:84
        pyproject.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5b19b32b1aa08d5f Filesystem access.
pkgs/python/[email protected]/scripts/bump_version.py:163
        content = changelog_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #22c741709bcfef3c Filesystem access.
pkgs/python/[email protected]/scripts/bump_version.py:191
    changelog_path.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72b2a59c1678d114 Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/_utils/endpoints.py:8
DP_ENDPOINT_OVERRIDE = os.getenv("BEDROCK_AGENTCORE_DP_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b4c17d1da88608f Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/_utils/endpoints.py:9
CP_ENDPOINT_OVERRIDE = os.getenv("BEDROCK_AGENTCORE_CP_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e210e3c19ba8635 Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/_utils/endpoints.py:10
DEFAULT_REGION = os.getenv("AWS_REGION") or os.getenv("AWS_DEFAULT_REGION") or "us-west-2"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5da74268aa491c99 Filesystem access.
pkgs/python/[email protected]/src/bedrock_agentcore/evaluation/runner/dataset_providers.py:74
            with open(self._file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #221d8b1423e3a21c Filesystem access.
pkgs/python/[email protected]/src/bedrock_agentcore/evaluation/runner/dataset_providers.py:77
            with open(self._file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f814c5ac08e0c46 Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/identity/auth.py:290
        if os.getenv("DOCKER_CONTAINER") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef06959286fdf281 Filesystem access.
pkgs/python/[email protected]/src/bedrock_agentcore/identity/auth.py:310
            with open(config_path, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6118597ad5dad099 Filesystem access.
pkgs/python/[email protected]/src/bedrock_agentcore/identity/auth.py:331
        with open(config_path, "w", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04dbdba575089440 Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/identity/auth.py:340
    region_env = os.getenv("AWS_REGION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ece73296def3026a Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/memory/controlplane.py:37
        service_name = os.getenv("BEDROCK_AGENTCORE_CONTROL_SERVICE", "bedrock-agentcore-control")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93b4e6bc606d14ca Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/memory/controlplane.py:39
        control_endpoint = os.getenv("BEDROCK_AGENTCORE_CONTROL_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9da4f464cac608c Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/memory/session.py:179
            region_name or session_region or os.environ.get("AWS_REGION") or boto3.Session().region_name or "us-west-2"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1e306ca82b7afb6 Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/payments/manager.py:316
            region_name or session_region or os.environ.get("AWS_REGION") or boto3.Session().region_name or "us-west-2"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4b780f5a4c91810 Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/runtime/a2a.py:217
    runtime_url = os.environ.get(AGENTCORE_RUNTIME_URL_ENV, "http://localhost:9000/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d0f24b0e807096e Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/runtime/a2a.py:221
    elif os.environ.get(AGENTCORE_RUNTIME_URL_ENV):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d146a855e0f468e Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/runtime/a2a.py:297
        if os.path.exists("/.dockerenv") or os.environ.get("DOCKER_CONTAINER"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90c90cf45fc8b859 Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/runtime/ag_ui.py:139
            if os.path.exists("/.dockerenv") or os.environ.get("DOCKER_CONTAINER"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #477da657988f8a6d Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/runtime/app.py:83
        otel_attrs = os.environ.get("OTEL_RESOURCE_ATTRIBUTES", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #703f6e0ad84199f7 Environment-variable access.
pkgs/python/[email protected]/src/bedrock_agentcore/runtime/app.py:658
            if os.path.exists("/.dockerenv") or os.environ.get("DOCKER_CONTAINER"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48a401745463cc8a Filesystem access.
pkgs/python/[email protected]/tests_integ/async/interactive_async_strands.py:159
            with open(self.result_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e23edeca81517a3 Filesystem access.
pkgs/python/[email protected]/tests_integ/async/interactive_async_strands.py:211
            with open(processor.result_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55a20a7f07cd1fe0 Filesystem access.
pkgs/python/[email protected]/tests_integ/async/interactive_async_strands.py:333
        with open(result_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afd51ebb820a29b1 Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/integrations/strands_agents_evals/test_strands_evaluation.py:20
REGION = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5d7f166cb6e8354 Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/integrations/strands_agents_evals/test_strands_evaluation.py:42
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #529ce225ea69e7c0 Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_dataset_client.py:22
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7ee3b06b7f79276 Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_dataset_client.py:53
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2d3bdb5caa6f39a Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_evaluation_passthrough.py:18
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #552211c9bf514715 Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_evaluation_passthrough.py:54
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22b78b5815eb6ffd Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_evaluation_passthrough.py:131
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1005a021f85bd8bb Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_evaluation_passthrough.py:132
        cls.role_arn = os.environ.get("EVAL_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a44dd204642e4842 Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_evaluation_passthrough.py:133
        cls.log_group = os.environ.get("EVAL_LOG_GROUP")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6088a193a1ffe9b7 Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_runners_with_service_dataset.py:33
RUNTIME_ARN = os.environ.get("INTEG_AGENT_RUNTIME_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b81ce93543e705ed Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_runners_with_service_dataset.py:34
REGION = RUNTIME_ARN.split(":")[3] if RUNTIME_ARN else os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee219ef69a89dc0e Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_runners_with_service_dataset.py:68
        cls.log_group = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #870fbda99bfb96c5 Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_runners_with_service_dataset.py:68
        cls.log_group = os.environ.get(
            "INTEG_AGENT_LOG_GROUP",
            f"/aws/bedrock-agentcore/runtimes/{cls.runtime_id}-DEFAULT",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fd00fa347bec86d Environment-variable access.
pkgs/python/[email protected]/tests_integ/evaluation/test_service_dataset_provider.py:30
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0805b8d42838b47 Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/integrations/test_agentcore_tool_search_plugin.py:157
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df177f578b739cce Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/integrations/test_agentcore_tool_search_plugin.py:158
        cls.role_arn = os.environ.get("GATEWAY_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef6da9a1862618d2 Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/integrations/test_agentcore_tool_search_plugin.py:159
        cls.lambda_arn = os.environ.get("GATEWAY_LAMBDA_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ecefd3cb2ba3752 Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/integrations/test_agentcore_tool_search_plugin.py:432
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83147c38b585b9c2 Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/test_gateway_client.py:23
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41fcef24b0679e56 Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/test_gateway_client.py:24
        cls.role_arn = os.environ.get("GATEWAY_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a01e5b5f821e2257 Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/test_gateway_client.py:127
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a99ca7eb7ad698cb Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/test_gateway_client.py:128
        cls.role_arn = os.environ.get("GATEWAY_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4a039700c7a430f Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/test_gateway_client.py:129
        cls.lambda_arn = os.environ.get("GATEWAY_LAMBDA_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aabfbc866255f05e Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/test_gateway_kb_targets.py:25
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed614af8167bd0cd Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/test_gateway_kb_targets.py:26
        cls.gateway_role_arn = os.environ.get("GATEWAY_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27fbe2e25a43a929 Environment-variable access.
pkgs/python/[email protected]/tests_integ/gateway/test_gateway_kb_targets.py:27
        cls.kb_role_arn = os.environ.get("KB_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6f87ada48e54635 Environment-variable access.
pkgs/python/[email protected]/tests_integ/identity/test_identity_client.py:22
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fe1e0541d8a9688 Environment-variable access.
pkgs/python/[email protected]/tests_integ/identity/test_identity_client.py:79
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b80dfab1e413e60 Environment-variable access.
pkgs/python/[email protected]/tests_integ/identity/test_identity_client.py:80
        cls.pool_id = os.environ.get("COGNITO_POOL_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b514a5859731504e Environment-variable access.
pkgs/python/[email protected]/tests_integ/identity/test_identity_client.py:81
        cls.client_id = os.environ.get("COGNITO_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b75ece84d32a55f Environment-variable access.
pkgs/python/[email protected]/tests_integ/identity/test_identity_client.py:82
        cls.client_secret = os.environ.get("COGNITO_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b1050129ea44227 Environment-variable access.
pkgs/python/[email protected]/tests_integ/knowledge_base/test_knowledge_base_client.py:25
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b851e74e2c76143 Environment-variable access.
pkgs/python/[email protected]/tests_integ/knowledge_base/test_knowledge_base_client.py:26
        cls.role_arn = os.environ.get("KB_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79cb4af80403cd17 Environment-variable access.
pkgs/python/[email protected]/tests_integ/memory/integrations/test_session_manager.py:32
REGION = os.environ.get("BEDROCK_TEST_REGION", "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #473e69e1aba16112 Environment-variable access.
pkgs/python/[email protected]/tests_integ/memory/integrations/test_session_manager.py:42
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4513ebe7776d2159 Environment-variable access.
pkgs/python/[email protected]/tests_integ/memory/test_controlplane.py:17
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a66f78a18298c63 Environment-variable access.
pkgs/python/[email protected]/tests_integ/memory/test_memory_client.py:32
        cls.kinesis_stream_arn = os.environ.get("MEMORY_KINESIS_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #961314f56506936e Environment-variable access.
pkgs/python/[email protected]/tests_integ/memory/test_memory_client.py:33
        cls.execution_role_arn = os.environ.get("MEMORY_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #384c8ce0fa740aa9 Environment-variable access.
pkgs/python/[email protected]/tests_integ/memory/test_memory_client.py:38
        cls.prepopulated_memory_id = os.environ.get("MEMORY_PREPOPULATED_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dab8f3471c59b940 Environment-variable access.
pkgs/python/[email protected]/tests_integ/memory/test_memory_client.py:39
        cls.prepopulated_actor_id = os.environ.get("MEMORY_PREPOPULATED_ACTOR_ID", "integ-test-actor")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6d5d59e467bf00b Environment-variable access.
pkgs/python/[email protected]/tests_integ/memory/test_memory_client.py:40
        cls.prepopulated_session_id = os.environ.get("MEMORY_PREPOPULATED_SESSION_ID", "integ-test-session")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc4c199eba8fbf77 Environment-variable access.
pkgs/python/[email protected]/tests_integ/memory/test_memory_client.py:44
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8737d1d1c98b2554 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:38
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22cee06aab25e073 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:39
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d155361c3f87dd6 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:40
        cls.payment_manager_arn = os.environ.get("TEST_PAYMENT_MANAGER_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f8fdfbed43406ff Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:41
        cls.payment_instrument_id = os.environ.get("TEST_PAYMENT_INSTRUMENT_ID", "payment-instrument-abcdefghijklmno")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1571b43cd73a8eb2 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:42
        cls.payment_session_id = os.environ.get("TEST_PAYMENT_SESSION_ID", "payment-session-abcdefghijklmno")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #472e3e4ec10ed458 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:191
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd9a7b7b72ba819e Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:192
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0151ee02e1bb2ea5 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:193
        cls.payment_manager_arn = os.environ.get("TEST_PAYMENT_MANAGER_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33f2b1b7f7be0236 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:194
        cls.payment_instrument_id = os.environ.get("TEST_PAYMENT_INSTRUMENT_ID", "payment-instrument-abcdefghijklmno")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #962609460b791e1d Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:195
        cls.payment_session_id = os.environ.get("TEST_PAYMENT_SESSION_ID", "payment-session-abcdefghijklmno")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c594442805f299 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:286
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfc8807ae371ff02 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:287
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf3108992a50ec0d Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:288
        cls.payment_manager_arn = os.environ.get("TEST_PAYMENT_MANAGER_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a83e564ec3c3bf5a Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:289
        cls.payment_instrument_id = os.environ.get("TEST_PAYMENT_INSTRUMENT_ID", "payment-instrument-abcdefghijklmno")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fe5ad8641089aff Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_payment_tools_integration.py:290
        cls.payment_session_id = os.environ.get("TEST_PAYMENT_SESSION_ID", "payment-session-abcdefghijklmno")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9920604df1210d3 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:38
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3f38fa01d900ce6 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:39
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63ba43f682445bd7 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:81
                        instrument_id = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f81c94025c33ab83 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:81
                        instrument_id = os.environ.get(
                            "TEST_PAYMENT_INSTRUMENT_ID", "payment-instrument-abcdefghijklmno"
                        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30befd8aa59b74cf Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:101
                        session_id = os.environ.get("TEST_PAYMENT_SESSION_ID", "payment-session-abcdefghijklmno")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5011dfaed086d921 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:118
                        session_id = os.environ.get("TEST_PAYMENT_SESSION_ID", "payment-session-abcdefghijklmno")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f39217ed174d9e6 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:149
            payment_manager_arn=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e2cca457a4f25f2 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:149
            payment_manager_arn=os.environ.get(
                "TEST_PAYMENT_MANAGER_ARN",
                "arn:aws:bedrock-agentcore:us-west-2:12345678910:payment-manager/mypaymentmanager-cyrc25gr4c",
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1607015eaa0388aa Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:154
            payment_session_id=os.environ.get("TEST_PAYMENT_SESSION_ID", "payment-session-bWOGg4z2irAGbzA"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa39b1cc3b92104d Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:155
            payment_instrument_id=os.environ.get("TEST_PAYMENT_INSTRUMENT_ID", "payment-instrument-vnL29CKAdyESdQ7"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef6a351b9b7f1af8 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:194
        payment_manager_arn = os.environ.get("TEST_PAYMENT_MANAGER_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25788a85e1f9ec0e Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:425
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5fbb1aa867c1185 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:426
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe75f0946cf34a79 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:458
        payment_manager_arn = os.environ.get("TEST_PAYMENT_MANAGER_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91c5dce74536df5b Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:468
            payment_instrument_id=os.environ.get("TEST_PAYMENT_INSTRUMENT_ID", "payment-instrument-test123"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #710f35373051311d Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:469
            payment_session_id=os.environ.get("TEST_PAYMENT_SESSION_ID", "payment-session-test456"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #562cb198eafccfae Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:645
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b08e9a7bbcd4152 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:646
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #517c3183ba3ad147 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:651
            payment_manager_arn=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #493788a327725e3c Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:651
            payment_manager_arn=os.environ.get(
                "TEST_PAYMENT_MANAGER_ARN",
                "arn:aws:bedrock-agentcore:us-west-2:12345678910:payment-manager/mypaymentmanager-cyrc25gr4c",
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51824a4a01d71efa Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:656
            payment_session_id=os.environ.get("TEST_PAYMENT_SESSION_ID", "payment-session-bWOGg4z2irAGbzA"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #507f5b63f408e7ee Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:657
            payment_instrument_id=os.environ.get("TEST_PAYMENT_INSTRUMENT_ID", "payment-instrument-vnL29CKAdyESdQ7"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb67a5866f46e9f9 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:670
            payment_manager_arn=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32a675d18c45f8b9 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:670
            payment_manager_arn=os.environ.get(
                "TEST_PAYMENT_MANAGER_ARN",
                "arn:aws:bedrock-agentcore:us-west-2:12345678910:payment-manager/mypaymentmanager-cyrc25gr4c",
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e6794078a57ef8c Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:675
            payment_session_id=os.environ.get("TEST_PAYMENT_SESSION_ID", "payment-session-bWOGg4z2irAGbzA"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8059f5001df91736 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:676
            payment_instrument_id=os.environ.get("TEST_PAYMENT_INSTRUMENT_ID", "payment-instrument-vnL29CKAdyESdQ7"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a583cf287dc22d81 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:692
            payment_manager_arn=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #478ee5978c16eb4f Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:692
            payment_manager_arn=os.environ.get(
                "TEST_PAYMENT_MANAGER_ARN",
                "arn:aws:bedrock-agentcore:us-west-2:12345678910:payment-manager/mypaymentmanager-cyrc25gr4c",
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #402ed758419cf99f Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:697
            payment_session_id=os.environ.get("TEST_PAYMENT_SESSION_ID", "payment-session-bWOGg4z2irAGbzA"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #412f053207fb0ffd Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:698
            payment_instrument_id=os.environ.get("TEST_PAYMENT_INSTRUMENT_ID", "payment-instrument-vnL29CKAdyESdQ7"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e85f4ae8b2403235 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:730
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0225baf72116eabf Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/integrations/strands/test_plugin_integration.py:731
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b455e35eef643ee2 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_client.py:66
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af382be2cc7e3c6c Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_client.py:67
        cls.role_arn = os.environ.get("RUNTIME_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24b31b68894fc6d0 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_client.py:271
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79a0f39c33935f98 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_client.py:280
        cls.api_key_secret = os.environ.get("PAYMENT_TEST_API_KEY_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7fd90deab5f5a15 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_client.py:281
        cls.wallet_secret = os.environ.get("PAYMENT_TEST_WALLET_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e368579a687347c Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_client.py:283
        cls.role_arn = os.environ.get("RUNTIME_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98a0e950668c1ce3 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:64
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa098e2d16154ee8 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:66
        cls.payment_manager_arn = os.environ.get("TEST_PAYMENT_MANAGER_ARN", default_arn)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c060fc6c425c493c Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:67
        cls.payment_connector_id = os.environ.get("TEST_PAYMENT_CONNECTOR_ID", "pc-test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f61392036d1df1d4 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:68
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73fb9fc870024437 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:99
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0041be18912d5949 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:100
        cls.payment_manager_arn = os.environ.get("TEST_PAYMENT_MANAGER_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d8b1bd042bc40de Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:101
        cls.payment_connector_id = os.environ.get("TEST_PAYMENT_CONNECTOR_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #683cc9817c5d865f Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:102
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30b622bc5e3466e2 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:126
        not os.environ.get("TEST_PAYMENT_MANAGER_ARN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a551fa240762735 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:188
        not os.environ.get("TEST_PAYMENT_MANAGER_ARN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cddc2a3ce18204fc Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:220
        not os.environ.get("TEST_PAYMENT_MANAGER_ARN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7eb8df253dc56c5 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:238
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e484d4af05d988a Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:239
        cls.payment_manager_arn = os.environ.get("TEST_PAYMENT_MANAGER_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #886e79d53e51737e Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:240
        cls.payment_connector_id = os.environ.get("TEST_PAYMENT_CONNECTOR_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdc2472f51c866bf Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:241
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a14314d7f27349a Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:254
        not os.environ.get("TEST_PAYMENT_MANAGER_ARN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d36641274dccc834 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:271
        not os.environ.get("TEST_PAYMENT_MANAGER_ARN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdec1019eb015c8a Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:305
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64c29bc8ce3e010b Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:306
        cls.payment_manager_arn = os.environ.get("TEST_PAYMENT_MANAGER_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5af74d3f11429da Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:307
        cls.payment_connector_id = os.environ.get("TEST_PAYMENT_CONNECTOR_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37c73d773466d64d Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:308
        cls.user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe189e335404a8cc Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:390
        not os.environ.get("TEST_PAYMENT_MANAGER_ARN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50c99b9578c60fd6 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:469
        not os.environ.get("TEST_PAYMENT_MANAGER_ARN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cce473c0d752b3a Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:554
        not os.environ.get("TEST_PAYMENT_MANAGER_ARN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #916925341ccdd364 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:608
        not os.environ.get("TEST_PAYMENT_MANAGER_ARN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f9d9e17f154db50 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:672
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff8115654cafeae6 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:674
        cls.payment_manager_arn = os.environ.get("TEST_PAYMENT_MANAGER_ARN", default_arn)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #572526c987ea7079 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:751
        not os.environ.get("TEST_PAYMENT_MANAGER_ARN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f52e317befa98d65 Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:766
        user_id = os.environ.get("TEST_USER_ID", f"test-user-{uuid.uuid4().hex[:8]}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ee76c2d74c932ac Environment-variable access.
pkgs/python/[email protected]/tests_integ/payments/test_payment_manager.py:798
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2be884a0dc7ce6e9 Environment-variable access.
pkgs/python/[email protected]/tests_integ/policy/test_policy_engine_client.py:18
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09ee7ae38d08da3e Environment-variable access.
pkgs/python/[email protected]/tests_integ/runtime/test_runtime_passthrough.py:24
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06aa2797ca72229e Environment-variable access.
pkgs/python/[email protected]/tests_integ/runtime/test_runtime_passthrough.py:52
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #462348481f9a5ce6 Environment-variable access.
pkgs/python/[email protected]/tests_integ/runtime/test_runtime_passthrough.py:53
        cls.role_arn = os.environ.get("RUNTIME_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f64a8b1b84fbd0c Environment-variable access.
pkgs/python/[email protected]/tests_integ/runtime/test_runtime_passthrough.py:54
        cls.s3_code_uri = os.environ.get("RUNTIME_S3_CODE_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3dad7466e5a9e62 Filesystem access.
pkgs/python/[email protected]/tests_integ/runtime/test_simple_agent.py:13
        with open(self.agent_module + ".py", "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e80c2c3568d3776c Filesystem access.
pkgs/python/[email protected]/tests_integ/runtime/test_websocket_agent.py:18
        with open(self.agent_module + ".py", "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a31ec167032ca4e6 Environment-variable access.
pkgs/python/[email protected]/tests_integ/services/test_resource_policy.py:45
        cls.resource_arn = os.environ.get("RESOURCE_POLICY_TEST_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55bd3d6f7558c2c3 Environment-variable access.
pkgs/python/[email protected]/tests_integ/services/test_resource_policy.py:46
        cls.principal_arn = os.environ.get("RESOURCE_POLICY_TEST_PRINCIPAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbad4134781f12df Environment-variable access.
pkgs/python/[email protected]/tests_integ/services/test_resource_policy.py:47
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-west-2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0fa0a17ab413565e Environment-variable access.
pkgs/python/[email protected]/tests_integ/tools/test_code.py:236
secret_arn = os.environ.get("TEST_ROOT_CA_SECRET_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a56ebe0ab3090eaa Environment-variable access.
pkgs/python/[email protected]/tests_integ/tools/test_code.py:237
execution_role_arn = os.environ.get("TEST_EXECUTION_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #553edba9b331f03e Environment-variable access.
pkgs/python/[email protected]/tests_integ/tools/test_code_interpreter_client.py:40
        cls.region = os.environ.get("BEDROCK_TEST_REGION", "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

snowflake-connector-python

python dependency
medium telemetry dependency Excluded from app score #0a9f596866bd39fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/snowflake/connector/aio/_network.py:220
            from opentelemetry.trace.propagation.tracecontext import (
                TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50734306494f1248 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/snowflake/connector/network.py:486
            from opentelemetry.trace.propagation.tracecontext import (
                TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 156 low-confidence finding(s)
low env_fs dependency Excluded from app score #5e516e5cceb475db Filesystem access.
pkgs/python/[email protected]/setup.py:18
    with open(
        os.path.join(CONNECTOR_SRC_DIR, "generated_version.py"), encoding="utf-8"
    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b268a8feb1c6692 Filesystem access.
pkgs/python/[email protected]/setup.py:23
    with open(os.path.join(CONNECTOR_SRC_DIR, "version.py"), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7e5e8c11a696791 Environment-variable access.
pkgs/python/[email protected]/setup.py:47
    os.environ.get("SNOWFLAKE_DISABLE_COMPILE_ARROW_EXTENSIONS", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2a7346cc5286847 Environment-variable access.
pkgs/python/[email protected]/setup.py:51
    os.environ.get("SNOWFLAKE_NO_BOTO", "false").lower() in _POSITIVE_VALUES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ee24a633fbfc5e9 Environment-variable access.
pkgs/python/[email protected]/setup.py:140
                    if "std=" not in os.environ.get("CXXFLAGS", ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bfa39be19852d77 Environment-variable access.
pkgs/python/[email protected]/setup.py:145
                        and "macosx-version-min" not in os.environ.get("CXXFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b9a5f1fe6bf653d Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/_utils.py:125
    if not os.environ.get(_SPCS_ENV_VAR):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b4be5c3ddee463c Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/_utils.py:128
        with open(_SPCS_TOKEN_PATH, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ad4057e3bc193a4 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/_utils.py:298
        value = str(os.getenv("SNOWFLAKE_DISABLE_MINICORE", None)).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ad14641fb30c1ab Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_azure_storage_client.py:181
            or open(self.meta.real_src_file_name, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a0897f343de9c65 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_connection.py:236
        if "SF_OCSP_RESPONSE_CACHE_SERVER_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3561b7cc1768eb00 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_connection.py:239
                os.environ["SF_OCSP_RESPONSE_CACHE_SERVER_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fef3e564739dcda2 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_connection.py:247
            if "SF_OCSP_RESPONSE_CACHE_SERVER_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af8e272fe6db6eb4 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_connection.py:248
                del os.environ["SF_OCSP_RESPONSE_CACHE_SERVER_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9fcafb833262746 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_connection.py:804
        if os.environ.get(_DISABLE_CONNECTION_SHAPE_ENV, "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df8e1a652f6d99cb Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_connection.py:1236
            os.environ["SF_OCSP_RESPONSE_CACHE_SERVER_URL"] = ocsp_cache_server

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f01850731fc64968 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_ocsp_snowflake.py:92
                test_timeout = os.getenv(
                    "SF_TEST_OCSP_CACHE_SERVER_CONNECTION_TIMEOUT", None
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41708886402f334c Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_ocsp_snowflake.py:95
                sf_cache_server_url = os.getenv("SF_TEST_OCSP_CACHE_SERVER_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5404c43786dee371 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_ocsp_snowflake.py:153
        self.test_mode = os.getenv("SF_OCSP_TEST_MODE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3258ca7be98eda06 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_ocsp_snowflake.py:168
        if os.getenv("SF_OCSP_FAIL_OPEN") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b13550c01f1535e3 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_ocsp_snowflake.py:171
            self.FAIL_OPEN = os.getenv("SF_OCSP_FAIL_OPEN").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0acfd89ed086fa01 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_ocsp_snowflake.py:525
            test_ocsp_url = os.getenv("SF_TEST_OCSP_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #252b15e482df0fe7 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_ocsp_snowflake.py:526
            test_timeout = os.getenv(
                "SF_TEST_CA_OCSP_RESPONDER_CONNECTION_TIMEOUT", None
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5ab952ab488792e Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_storage_client.py:284
            or open(self.data_file, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c52691482b1d4c42 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_wif_util.py:38
    region = os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90be64e22b1412ae Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_wif_util.py:302
    identity_endpoint = os.environ.get("IDENTITY_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4468e683bf18867 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_wif_util.py:303
    identity_header = os.environ.get("IDENTITY_HEADER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb8bb428260b7090 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/_wif_util.py:320
    managed_identity_client_id = os.environ.get("MANAGED_IDENTITY_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #651eb8fd35e882c6 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/auth/_webbrowser.py:88
        if os.getenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "False").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbc46504d7a582bf Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/auth/_webbrowser.py:97
            hostname = os.getenv("SF_AUTH_SOCKET_ADDR", "localhost")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be95d418a6db5ecc Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/auth/_webbrowser.py:102
                        int(os.getenv("SF_AUTH_SOCKET_PORT", 0)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e20faf69e35cfe8 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/aio/auth/_webbrowser.py:153
                or os.getenv("SNOWFLAKE_AUTH_FORCE_SERVER", "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24b8e7d06ad1c8d1 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/auth/_auth.py:632
    with open(privatekey_path, "rb") as key:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49dff1df66379744 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/auth/_auth.py:655
    with open(private_key_file, "rb") as key:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #682799ba1c4fef3b Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/_http_server.py:24
    if os.getenv("SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAIT", "false").lower() != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fef01e0eeebb6c7 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/_http_server.py:79
        if os.getenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "False").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f5f689737dc1e30 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/by_plugin.py:74
                int(getenv("MAX_CON_RETRY_ATTEMPTS", DEFAULT_MAX_CON_RETRY_ATTEMPTS)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #527d857a5a601754 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/keypair.py:67
                os.getenv(
                    "JWT_CNXN_RETRY_ATTEMPTS", AuthByKeyPair.DEFAULT_JWT_RETRY_ATTEMPTS
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f42e3a609596e58 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/keypair.py:78
                    os.getenv(
                        "JWT_CNXN_WAIT_TIME",
                        AuthByKeyPair.DEFAULT_JWT_CNXN_WAIT_TIME,
                    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a71ed090cdff7d6 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/keypair.py:93
            seconds=int(os.getenv("JWT_LIFETIME_IN_SECONDS", lifetime_in_seconds))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a862fe6e941dc66b Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/webbrowser.py:118
        if os.getenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "False").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8f5faee3e701580 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/webbrowser.py:127
            hostname = os.getenv("SF_AUTH_SOCKET_ADDR", "localhost")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31ed08d46bde24a7 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/webbrowser.py:132
                        int(os.getenv("SF_AUTH_SOCKET_PORT", 0)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c0dbac7a855d601 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/webbrowser.py:183
                or os.getenv("SNOWFLAKE_AUTH_FORCE_SERVER", "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1ed9c30684041c4 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/auth/webbrowser.py:231
                    os.getenv("SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAIT", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a49473ec50ebe8c0 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/azure_storage_client.py:234
            or open(self.meta.real_src_file_name, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e56e7972af4ac5fa Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/cache.py:29
test_mode = os.getenv(ENV_VAR_TEST_MODE, "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee177dfa92ed1e5c Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/cache.py:436
            with open(tmp_file, "w") as w_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7910085fe04e90a9 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/cache.py:440
                with open(tmp_file_path) as r_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af1b4d79c8f5ef6e Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/cache.py:508
            with open(self.file_path, "rb") as r_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7045afa647512f4d Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/cache.py:576
                    with open(tmp_file, "wb") as w_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ea49f0dbe75c17e Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/config_manager.py:45
    if SKIP_WARNING_ENV_VAR in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27d55fda81162c5d Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/config_manager.py:46
        return os.getenv(SKIP_WARNING_ENV_VAR, "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b33ca31c0e39c6b7 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/config_manager.py:47
    if SPCS_INJECTED_SKIP_WARNING_ENV_VAR in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14cc8acfe31b4eb1 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/config_manager.py:48
        return os.getenv(SPCS_INJECTED_SKIP_WARNING_ENV_VAR, "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a9bf886c72d3ab6 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/config_manager.py:50
    if DEPRECATED_SKIP_WARNING_ENV_VAR in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8c58811b057eb47 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/config_manager.py:54
        return os.getenv(DEPRECATED_SKIP_WARNING_ENV_VAR, "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3d80a971d26bef2 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/config_manager.py:190
        env_var = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #104bea8687b0e18c Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/config_manager.py:412
                read_config_piece = tomlkit.parse(filep.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16b4cd11273581d0 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/connection.py:197
    with open(private_key_file, "rb") as key:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f719222809a68df Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection.py:1379
        os.environ["SF_OCSP_RESPONSE_CACHE_SERVER_URL"] = ocsp_cache_server

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2e6bcc2abd9d4db Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection.py:1399
        if "SF_OCSP_RESPONSE_CACHE_SERVER_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52acf87dfedaff6b Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection.py:1402
                os.environ["SF_OCSP_RESPONSE_CACHE_SERVER_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97884ce77ba99e7c Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection.py:1408
            if "SF_OCSP_RESPONSE_CACHE_SERVER_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb9ea1ee27f9499 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection.py:1409
                del os.environ["SF_OCSP_RESPONSE_CACHE_SERVER_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99afeb2d4369ac64 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/connection.py:1796
            with open(token_file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c26eec6ea909c82a Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection.py:2634
        if os.environ.get(_DISABLE_CONNECTION_SHAPE_ENV, "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c8b82c200c3b614 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection.py:2698
        if ENV_VAR_PARTNER in os.environ.keys():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df41af2ad329071f Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection.py:2699
            return os.environ[ENV_VAR_PARTNER]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca02f9c5d78875fb Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection_diagnostic.py:120
            proxy_url = os.getenv("HTTPS_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8349e793f7a581a3 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/connection_diagnostic.py:318
            results_file = open(self.full_connection_diag_allowlist_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #864c9e6a66926bf4 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection_diagnostic.py:508
            if proxy_key in os.environ.keys():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #281dcda5cb8abdf7 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection_diagnostic.py:509
                env_proxy_backup[proxy_key] = os.environ.get(proxy_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74920ef6724ade96 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection_diagnostic.py:510
                del os.environ[proxy_key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5791d3fb4ee6ac55 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/connection_diagnostic.py:538
            os.environ[restore_key] = env_proxy_backup[restore_key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15088e5d74047e55 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/connection_diagnostic.py:698
        self.report_file.write_text(message)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ebad7d4d44ad7d0 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/crl_cache.py:337
                    with open(crl_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bf0cbc17a98708b Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/crl_cache.py:709
    if "USERPROFILE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b257fb6d2acbdcec Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/crl_cache.py:710
        return Path(os.environ["USERPROFILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c09ae69ada16630f Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/crl_cache.py:711
    if "HOMEDRIVE" in os.environ and "HOMEPATH" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af81575bad217787 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/crl_cache.py:712
        return Path(os.environ["HOMEDRIVE"]) / os.environ["HOMEPATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57e074acc0a49ab5 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/crl_cache.py:713
    if "LOCALAPPDATA" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be82a930c2afb5cc Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/crl_cache.py:714
        return Path(os.environ["LOCALAPPDATA"]).parent.parent

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c52d148efda580c7 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/crl_cache.py:715
    if "APPDATA" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a25f927f4dd7ca6 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/crl_cache.py:716
        return Path(os.environ["APPDATA"]).parent.parent

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13f01ac644dc0eb3 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/cursor.py:2057
        if "NANOARROW_USAGE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bad51b5d4811711c Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/encryption_util.py:141
        with open(in_filename, "rb") as infile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9843cd7d11ca0022 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/encryption_util.py:215
        with open(in_filename, "rb") as infile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd48c376acff0836 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/encryption_util.py:216
            with open(temp_output_file, "wb", opener=file_opener) as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71021cbb83997b2a Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/file_transfer_agent.py:1171
                        with open(file_name, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f9c6eeff9aaa67b Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/file_util.py:79
        with open(file_name, "rb") as fr:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34c6866caf24787f Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/file_util.py:97
        with open(gzip_file_name, "r+b") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e93ca50df48a266f Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/file_util.py:148
        with open(file_name, "rb") as src:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ac6a88aef5998d6 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/local_storage_client.py:55
        with open(self.stage_file_name, "rb") as sfd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c1e1fe0f766fca5 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/local_storage_client.py:56
            with open(
                os.path.join(
                    self.meta.local_location,
                    os.path.basename(self.intermediate_dst_path),
                ),
                "rb+",
            ) as tfd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a017684ac2e1cad0 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/local_storage_client.py:80
        with open(self.full_dst_file_name, "wb+") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b60f83c6a391213 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/local_storage_client.py:84
        with open(self.full_dst_file_name, "rb+") as tfd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12d969e3b7c7fb78 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_asn1crypto.py:88
        with open(ca_bundle_file, "rb") as all_certs:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad5ac79c2cb1971a Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_asn1crypto.py:247
                ocsp_load_failure = getenv("SF_TEST_OCSP_FORCE_BAD_OCSP_RESPONSE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bddb4cf26063e254 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_asn1crypto.py:324
            test_cert_status = getenv("SF_TEST_OCSP_CERT_STATUS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b632d98c8bb5300 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:416
    MAX_RETRY = int(os.getenv("OCSP_MAX_RETRY", "3"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee459fbc901f4ea5 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:434
            self.CACHE_SERVER_URL = os.getenv(
                "SF_OCSP_RESPONSE_CACHE_SERVER_URL",
                "{}/{}".format(
                    self.DEFAULT_CACHE_SERVER_URL,
                    OCSPCache.OCSP_RESPONSE_CACHE_FILE_NAME,
                ),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1340627dc7129343 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:442
            self.CACHE_SERVER_URL = os.getenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #885751bb1cdac041 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:445
            os.getenv("SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED", "true") != "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7706ffc8cf4b9e28 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:453
        return os.getenv("SF_OCSP_ACTIVATE_NEW_ENDPOINT", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8137e6d2316fd43 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:542
                test_timeout = os.getenv(
                    "SF_TEST_OCSP_CACHE_SERVER_CONNECTION_TIMEOUT", None
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62d205b454067c89 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:545
                sf_cache_server_url = os.getenv("SF_TEST_OCSP_CACHE_SERVER_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f64830365488162 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:640
        OCSPCache.CACHE_DIR = os.getenv("SF_OCSP_RESPONSE_CACHE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f63cec2d8582ab1 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:1044
        self.test_mode = os.getenv("SF_OCSP_TEST_MODE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39f4c02258c281bf Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:1059
        if os.getenv("SF_OCSP_FAIL_OPEN") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2e0b63241c84c5f Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:1062
            self.FAIL_OPEN = os.getenv("SF_OCSP_FAIL_OPEN").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97aea8069845644f Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:1196
        return os.getenv("SF_OCSP_DO_RETRY", "true") == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1037a6e08507f3b5 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:1431
                    ca_bundle = environ.get("REQUESTS_CA_BUNDLE") or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bde781953e52e26d Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:1431
                    ca_bundle = environ.get("REQUESTS_CA_BUNDLE") or environ.get(
                        "CURL_CA_BUNDLE"
                    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73a1aee33a507c18 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:1513
            force_validity_fail = os.getenv("SF_TEST_OCSP_FORCE_BAD_RESPONSE_VALIDITY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27c2d8473a8ab8f8 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:1619
            test_ocsp_url = os.getenv("SF_TEST_OCSP_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b6136bd5e93b348 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:1620
            test_timeout = os.getenv(
                "SF_TEST_CA_OCSP_RESPONDER_CONNECTION_TIMEOUT", None
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212c43597e8b2dfa Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ocsp_snowflake.py:1752
            test_cert_status = os.getenv("SF_TEST_OCSP_CERT_STATUS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #121a4d47264ce5c2 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/options.py:104
        if "ARROW_DEFAULT_MEMORY_POOL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6df8ed57a20e86e1 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/options.py:105
            os.environ["ARROW_DEFAULT_MEMORY_POOL"] = "system"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afae1a27b663f4f6 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/os_details.py:45
    with open("/etc/os-release", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4fdc6c1f72414ee Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/platform_detection.py:121
        if "LAMBDA_TASK_ROOT" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #132bb965ed6ff878 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/platform_detection.py:231
        if all(var in os.environ for var in service_vars)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ec75065af3b1c3e Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/platform_detection.py:275
    return bool(os.environ.get("IDENTITY_HEADER"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e980bd545ee0cd3 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/platform_detection.py:358
        if all(var in os.environ for var in service_vars)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9df962a974d2396c Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/platform_detection.py:377
        if all(var in os.environ for var in job_vars)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d46bd2b50eb5abb3 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/platform_detection.py:427
        if "GITHUB_ACTIONS" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ce7cb5956c878d9 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/platform_detection.py:442
        if os.environ.get("SNOWFLAKE_ENABLE_AWS_WIF_OUTBOUND_TOKEN", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35d4b70fede2e258 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/platform_detection.py:472
            os.environ.get(ENV_VAR_DISABLE_PLATFORM_DETECTION, "").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdf220451eb6ba89 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/secret_detector.py:15
MIN_TOKEN_LEN = os.getenv("MIN_TOKEN_LEN", 32)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d687bc67eefa41f2 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/secret_detector.py:16
MIN_PWD_LEN = os.getenv("MIN_PWD_LEN", 8)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91343ba270c51fa4 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/sf_dirs.py:31
        os.environ.get("SNOWFLAKE_HOME", "~/.snowflake/"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc6fbe3d05f17e55 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/ssl_wrap_socket.py:64
    return os.environ.get("REQUESTS_CA_BUNDLE") or os.environ.get("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c599c70c4cd691ff Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/storage_client.py:428
            or open(self.data_file, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f48f5ebd28dfff94 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/test_util.py:10
RUNNING_ON_JENKINS = os.getenv("JENKINS_HOME") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ce191d39973e16b Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/test_util.py:11
REGRESSION_TEST_LOG_DIR = os.getenv("CLIENT_LOG_DIR_PATH_DOCKER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b713cc72c66da56c Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/token_cache.py:291
            env_val = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a9a0c7e4c44499 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/tool/dump_certs.py:43
        open(f)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b39f9d6fb0a2ec6 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/tool/dump_ocsp_response_cache.py:177
    with open(hostname_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1816fa474f564bb0 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/requests/sessions.py:768
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #085dc58d400d0e71 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/requests/sessions.py:769
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f7b69039fdf59c1 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/requests/utils.py:210
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd603cc2e98232be Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/requests/utils.py:743
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ee0c2008208d751 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/requests/utils.py:744
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8a8a569f64e0ce8 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/requests/utils.py:750
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25f02ae2b33cf789 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/requests/utils.py:752
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2c64ff5c8ddc2b9 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/requests/utils.py:765
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccb7d3983a12dc26 Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/urllib3/contrib/emscripten/fetch.py:204
        streaming_worker_code = (
            files(__package__)
            .joinpath("emscripten_fetch_worker.js")
            .read_text(encoding="utf-8")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c17c5d9b2414dc2c Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/urllib3/util/ssl_.py:317
    if "SSLKEYLOGFILE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ded9c7662791d815 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/urllib3/util/ssl_.py:318
        sslkeylogfile = os.path.expandvars(os.environ.get("SSLKEYLOGFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be02abb9e9fa280e Filesystem access.
pkgs/python/[email protected]/src/snowflake/connector/vendored/urllib3/util/ssl_.py:452
    with open(key_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4b10eafe34fd333 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/wif_util.py:99
    region = os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #539af9cce0acec31 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/wif_util.py:200
        os.environ.get("SNOWFLAKE_ENABLE_AWS_WIF_OUTBOUND_TOKEN", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82321a840d35864c Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/wif_util.py:417
    identity_endpoint = os.environ.get("IDENTITY_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98cc8485cbbc41b2 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/wif_util.py:418
    identity_header = os.environ.get("IDENTITY_HEADER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e3eb7f191562a5f Environment-variable access.
pkgs/python/[email protected]/src/snowflake/connector/wif_util.py:435
    managed_identity_client_id = os.environ.get("MANAGED_IDENTITY_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

rich

python dependency
medium telemetry dependency Excluded from app score #35d9123fd10328c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/rich/progress.py:173
        yield from progress.track(
            sequence,
            total=total,
            completed=completed,
            description=description,
            update_period=update_period,
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 22 low-confidence finding(s)
low env_fs dependency Excluded from app score #1286f0aff7b25dfc Environment-variable access.
pkgs/python/[email protected]/rich/_unicode_data/__init__.py:67
        unicode_version = os.environ.get("UNICODE_VERSION", "latest")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41881c965e4b4cca Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:441
        self.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bad619e19d17059d Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:612
    term.write_text("went back and wrapped to prev line")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b74b750d6bb31061 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:615
    term.write_text("we go up")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e34871bf090c586b Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:618
    term.write_text("and down")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63644e032063c2e7 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:623
    term.write_text("we went up and back 2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60eb9f81b2cae117 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:628
    term.write_text("we went down and back 2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #094bc28591b7f704 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:636
    term.write_text("The red arrow shows the cursor location, and direction of erase")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3367c684e80dc468 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:646
    term.write_text("The red arrow shows the cursor location, and direction of erase")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f879978255a6a37f Filesystem access.
pkgs/python/[email protected]/rich/_windows_renderer.py:19
                term.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bd21521421c712f Filesystem access.
pkgs/python/[email protected]/rich/_windows_renderer.py:28
                    term.write_text("\r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73ed0e9e0b34023e Environment-variable access.
pkgs/python/[email protected]/rich/console.py:515
        or os.getenv("DATABRICKS_RUNTIME_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d58472231897ad2 Environment-variable access.
pkgs/python/[email protected]/rich/console.py:617
    _environ: Mapping[str, str] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36df57c4dd7cb057 Filesystem access.
pkgs/python/[email protected]/rich/console.py:2241
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #915f303631c7e0da Filesystem access.
pkgs/python/[email protected]/rich/console.py:2349
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37f3bc9b1ca9e482 Filesystem access.
pkgs/python/[email protected]/rich/console.py:2641
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5affbf7b1150ab0 Environment-variable access.
pkgs/python/[email protected]/rich/diagnose.py:32
    env = {name: os.getenv(name) for name in env_names}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56565c457348c4b8 Filesystem access.
pkgs/python/[email protected]/rich/json.py:134
            json_data = Path(args.path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40a70fa61d103bdb Filesystem access.
pkgs/python/[email protected]/rich/markdown.py:777
        with open(args.path, encoding="utf-8") as markdown_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8047c3e0a03d833 Filesystem access.
pkgs/python/[email protected]/rich/progress.py:1373
        handle = io.open(file, "rb", buffering=buffering)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ce38ca395d8525a Filesystem access.
pkgs/python/[email protected]/rich/syntax.py:360
        code = Path(path).read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ba4a77e55b4a0f9 Filesystem access.
pkgs/python/[email protected]/rich/theme.py:73
        with open(path, encoding=encoding) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

PyGithub

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #797122bba50b5d55 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:290
with open("github_objects.rst", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fd7db32ae987674 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:301
    with open("github_objects/" + githubClass + ".rst", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52dcf677eba48c84 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:309
    with open("../github/" + githubClass + ".py") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d02fa3546a03e3e9 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:356
with open("apis.rst", "w") as apis:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c087c991eeff98e Filesystem access.
pkgs/python/[email protected]/github/Requester.py:632
            f = open(local_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #789a9744789e00ca Filesystem access.
pkgs/python/[email protected]/scripts/add_attribute.py:95
with open(fileName) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1b1718d2120c8f45 Filesystem access.
pkgs/python/[email protected]/scripts/add_attribute.py:204
with open(fileName, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fccd2033fb37b2c5 Filesystem access.
pkgs/python/[email protected]/scripts/fix_headers.py:180
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #933f6d72a17805e1 Filesystem access.
pkgs/python/[email protected]/scripts/fix_headers.py:185
            with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

SQLAlchemy

python dependency
expand_more 28 low-confidence finding(s)
low env_fs dependency Excluded from app score #2c204d407a7eb38b Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:42
            with open(
                Path(cachedir) / "sqla_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa18a8d31486cd18 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:56
            with open(
                Path(cachedir) / "plain_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa4f339c1ce6cf62 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:106
            os.environ.pop("MYPY_FORCE_COLOR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a3a00116e1be888 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:146
        with open(path) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48ac15cbe66ce3e0 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:398
    if os.environ.get("REQUIRE_SQLALCHEMY_CEXT", "0") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b68adfd9a4d522f0 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:455
            with open(options.write_idents, "a") as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3b98400e58b265d Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/pytestplugin.py:880
        return os.environ.get("PYTEST_CURRENT_TEST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20b3cd2d01496f0d Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:200
            profile_f = open(self.fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa9cc0bc0cf35808 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:219
        profile_f = open(self.fname, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aad137169d73cf63 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/provision.py:453
    with open(idents_file) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #975c1b4935c8c8ab Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/util/_has_cy.py:27
    if os.environ.get("DISABLE_SQLALCHEMY_CEXT_RUNTIME"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3263f6a5814d507f Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:134
            Path(destination_path).write_text(
                text, encoding="utf-8", newline="\n"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d9891f37fc5366a Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:146
            with open(tempfile) as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dc5e868b93bd65b Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:162
            with open(source_file, encoding="utf-8") as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed94dd9013571d8c Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:169
        with open(destination_path, encoding="utf-8") as dp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d90fbfb1a0427f69 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:95
    cmd.extend(os.environ.get(dburl_env, default_dburl).split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c22a9d9ca859ba1b Environment-variable access.
pkgs/python/[email protected]/noxfile.py:106
    env_dbdrivers = os.environ.get(extra_driver_env, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #045782de52ec5777 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:269
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2fbad33be66c0c1 Environment-variable access.
pkgs/python/[email protected]/setup.py:23
DISABLE_EXTENSION = bool(os.environ.get("DISABLE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dea6307295f0448 Environment-variable access.
pkgs/python/[email protected]/setup.py:24
REQUIRE_EXTENSION = bool(os.environ.get("REQUIRE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c76d73e2e828a27a Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:155
    original = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #65af99746ebd8c6e Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:313
                file.write_text(updated, "utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cd4ce0dba2a8104a Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:145
    with open(fn.__code__.co_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cde8329931461a5c Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:373
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0f6f7ef9a11480f0 Filesystem access.
pkgs/python/[email protected]/tools/generate_sql_functions.py:38
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5a8f3658fb152b30 Filesystem access.
pkgs/python/[email protected]/tools/generate_tuple_map_overloads.py:53
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f46e19be5f4fd2c1 Filesystem access.
pkgs/python/[email protected]/tools/normalize_file_headers.py:27
    content = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8627991962d85dd4 Filesystem access.
pkgs/python/[email protected]/tools/sync_test_files.py:35
    source_data = Path(source).read_text().replace(remove_str, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

aiobotocore

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #431de3a7412f1dec Environment-variable access.
pkgs/python/[email protected]/aiobotocore/configprovider.py:19
        if os.environ.get('AWS_EXECUTION_ENV'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82f970c177431cd1 Environment-variable access.
pkgs/python/[email protected]/aiobotocore/configprovider.py:20
            default_region = os.environ.get('AWS_DEFAULT_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fde86887b30a6712 Environment-variable access.
pkgs/python/[email protected]/aiobotocore/configprovider.py:21
            current_region = os.environ.get('AWS_REGION', default_region)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2784f44e89946ac5 Environment-variable access.
pkgs/python/[email protected]/aiobotocore/httpsession.py:206
                os.environ.get('BOTO_EXPERIMENTAL__ADD_PROXY_HOST_HEADER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60ac5c36a2ef6e65 Environment-variable access.
pkgs/python/[email protected]/aiobotocore/httpxsession.py:180
                os.environ.get('BOTO_EXPERIMENTAL__ADD_PROXY_HOST_HEADER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c65cf457137f2a94 Environment-variable access.
pkgs/python/[email protected]/aiobotocore/utils.py:97
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

aiocache

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #d9981e5c5a0bb48b Environment-variable access.
pkgs/python/[email protected]/aiocache/base.py:62
                if os.getenv("AIOCACHE_DISABLE") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a056826621558b2d Filesystem access.
pkgs/python/[email protected]/docs/conf.py:70
    version = re.findall(r'__version__ = "(.+?)"', _path.read_text())[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #768a81e6be0c1577 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:134
on_rtd = os.environ.get("READTHEDOCS", None) == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67747a8046a18905 Filesystem access.
pkgs/python/[email protected]/setup.py:8
    version = re.findall(r"^__version__ = \"([^']+)\"\r?$", p.read_text(), re.M)[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22b5df6dcfade701 Filesystem access.
pkgs/python/[email protected]/setup.py:12
readme = Path(__file__).with_name("README.rst").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

appdirs

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #7c95a077697d3f91 Environment-variable access.
pkgs/python/[email protected]/appdirs.py:92
        path = os.getenv('XDG_DATA_HOME', os.path.expanduser("~/.local/share"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1437eb8ecfd19317 Environment-variable access.
pkgs/python/[email protected]/appdirs.py:147
        path = os.getenv('XDG_DATA_DIRS',
                         os.pathsep.join(['/usr/local/share', '/usr/share']))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bac353163f9d5b90 Environment-variable access.
pkgs/python/[email protected]/appdirs.py:198
        path = os.getenv('XDG_CONFIG_HOME', os.path.expanduser("~/.config"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a48c43c7a6655b18 Environment-variable access.
pkgs/python/[email protected]/appdirs.py:243
        path = os.getenv('XDG_CONFIG_DIRS', '/etc/xdg')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b3009d94e4da812 Environment-variable access.
pkgs/python/[email protected]/appdirs.py:306
        path = os.getenv('XDG_CACHE_HOME', os.path.expanduser('~/.cache'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bce598650fed563 Environment-variable access.
pkgs/python/[email protected]/appdirs.py:348
        path = os.getenv('XDG_STATE_HOME', os.path.expanduser("~/.local/state"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #851b40b6a4f3b165 Filesystem access.
pkgs/python/[email protected]/setup.py:18
    inf = open(os.path.join(os.path.dirname(__file__), fname))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

av

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #a49db96c5bafed79 Environment-variable access.
pkgs/python/[email protected]/av/datasets.py:14
        yield os.environ["PYAV_TESTDATA_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bfca186cbecc392 Filesystem access.
pkgs/python/[email protected]/av/datasets.py:88
    with open(tmp_path, "wb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fe1b7d7b17a6563 Filesystem access.
pkgs/python/[email protected]/av/video/frame.py:711
        with open(filepath, "w", options={"update": "1"}) as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b2f68d7cdfbb9772 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:35
with open("../av/about.py") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #dd640310f6a901aa Environment-variable access.
pkgs/python/[email protected]/examples/basics/hw_decode.py:24
HW_DEVICE = os.environ["HW_DEVICE"] if "HW_DEVICE" in os.environ else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1e317c9abbd36dac Environment-variable access.
pkgs/python/[email protected]/examples/basics/hw_decode.py:26
if "TEST_FILE_PATH" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #603d101058e6b532 Environment-variable access.
pkgs/python/[email protected]/examples/basics/hw_decode.py:27
    test_file_path = os.environ["TEST_FILE_PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d077f9ca37f7bb83 Filesystem access.
pkgs/python/[email protected]/examples/basics/parse.py:26
fh = open(h264_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ab6cdce0e60a28b Environment-variable access.
pkgs/python/[email protected]/setup.py:82
    pkg_config = os.environ.get("PKG_CONFIG", "pkg-config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

azure-identity

python dependency
expand_more 105 low-confidence finding(s)
low env_fs dependency Excluded from app score #e86c97ddd7666d99 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/app_service.py:22
    url = os.environ.get(EnvironmentVariables.IDENTITY_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc642dba1bdcb2cf Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/app_service.py:23
    secret = os.environ.get(EnvironmentVariables.IDENTITY_HEADER)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96906473e74daab4 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azd_cli.py:239
        path = os.environ.get("SYSTEMROOT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de575572fbd60f5a Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azd_cli.py:322
            "env": dict(os.environ, NO_COLOR="true"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #626c7548be12d408 Filesystem access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_arc.py:52
    with open(key_file, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c10e18cbd4b7bd6 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_arc.py:74
        program_data_path = os.environ.get("PROGRAMDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b026e993980fde4f Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_cli.py:240
        path = os.environ.get("SYSTEMROOT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd94b928dae8eadb Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_cli.py:278
            "env": dict(os.environ, AZURE_CORE_NO_COLOR="true"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84a9fa283bf67c56 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_ml.py:23
    url = os.environ.get(EnvironmentVariables.MSI_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a76231ceb4bdcc70 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_ml.py:24
    secret = os.environ.get(EnvironmentVariables.MSI_SECRET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9c56345e4a49981 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_pipelines.py:25
    base_uri = os.environ[SYSTEM_OIDCREQUESTURI].rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #427f92ee479c8c7e Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/azure_pipelines.py:37
    if SYSTEM_OIDCREQUESTURI not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c29b10af321df23e Filesystem access.
pkgs/python/[email protected]/azure/identity/_credentials/certificate.py:149
        with open(certificate_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e570e74e2b3b5999 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/cloud_shell.py:34
        url = os.environ.get(EnvironmentVariables.MSI_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ef0ef1d3033bde5 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:154
            "interactive_browser_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3401539c7a94602c Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:158
            "managed_identity_client_id", os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73de14d731b29217 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:162
            "workload_identity_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9edc5ecee79d25d Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:166
        broker_tenant_id = kwargs.pop("broker_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99115c2bbcbf413f Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:169
        shared_cache_username = kwargs.pop("shared_cache_username", os.environ.get(EnvironmentVariables.AZURE_USERNAME))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b5870d5c77379ca Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:171
            "shared_cache_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0132f2828bb0418 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:176
        token_credentials_env = os.environ.get(EnvironmentVariables.AZURE_TOKEN_CREDENTIALS, "").strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8483929874dca8e0 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/default.py:268
                        token_file_path=os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #563e61c6fcf9c974 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:63
        if all(os.environ.get(v) is not None for v in EnvironmentVariables.CLIENT_SECRET_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a78b25982d59977 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:65
                client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65247effdb9b5b8b Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:66
                client_secret=os.environ[EnvironmentVariables.AZURE_CLIENT_SECRET],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a54e63abb49f9d39 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:67
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c43e957d908f176 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:70
        elif all(os.environ.get(v) is not None for v in EnvironmentVariables.CERT_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c05ae4c22bb1649b Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:72
                client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddad1f0e58651fb6 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:73
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #271fd16d3cb71a33 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:74
                certificate_path=os.environ[EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PATH],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98554401b2df2574 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:75
                password=os.environ.get(EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PASSWORD),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cfdf126f245d9a8 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:77
                    os.environ.get(EnvironmentVariables.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN, False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cd8c6246449f480 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:81
        elif all(os.environ.get(v) is not None for v in EnvironmentVariables.USERNAME_PASSWORD_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3c5a0e6e96e2526 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:83
                client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f67da382ae6cf85 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:84
                username=os.environ[EnvironmentVariables.AZURE_USERNAME],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5be129f86c71e74 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:85
                password=os.environ[EnvironmentVariables.AZURE_PASSWORD],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ddd10fb422bb8f2 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:86
                tenant_id=os.environ.get(EnvironmentVariables.AZURE_TENANT_ID),  # optional for username/password auth

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61fe5bdd6b27e398 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/environment.py:106
            set_variables = [v for v in expected_variables if v in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba8ff3a160ae3dc6 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/imds.py:60
        os.environ.get(EnvironmentVariables.AZURE_POD_IDENTITY_AUTHORITY_HOST, IMDS_AUTHORITY).strip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4ae8adbaa9b7a97 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/imds.py:90
        if EnvironmentVariables.AZURE_POD_IDENTITY_AUTHORITY_HOST in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4088298e79bc378a Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:82
        if os.environ.get(EnvironmentVariables.IDENTITY_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecb1d20921b41fd5 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:83
            if os.environ.get(EnvironmentVariables.IDENTITY_HEADER):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a380b9971181290f Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:84
                if os.environ.get(EnvironmentVariables.IDENTITY_SERVER_THUMBPRINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc1ab74ad2f9a0a7 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:98
            elif os.environ.get(EnvironmentVariables.IMDS_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f36c1e6cc4a64e1e Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:103
        elif os.environ.get(EnvironmentVariables.MSI_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b56da55ece5b19b Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:104
            if os.environ.get(EnvironmentVariables.MSI_SECRET):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b9bc26a6c39ef63 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:115
            all(os.environ.get(var) for var in EnvironmentVariables.WORKLOAD_IDENTITY_VARS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25d6f2a1f7924188 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:120
            workload_client_id = client_id or os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #861f7cf1c9e6ea1b Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:131
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56738d7386e175af Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/managed_identity.py:133
                token_file_path=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9401cd4ae6b2f18 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/service_fabric.py:42
    url = os.environ.get(EnvironmentVariables.IDENTITY_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c60617bd111ef987 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/service_fabric.py:43
    secret = os.environ.get(EnvironmentVariables.IDENTITY_HEADER)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b36a3a06cfc96bd4 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/service_fabric.py:44
    thumbprint = os.environ.get(EnvironmentVariables.IDENTITY_SERVER_THUMBPRINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab70e6f5d5218ffa Filesystem access.
pkgs/python/[email protected]/azure/identity/_credentials/vscode.py:50
            with open(expanded_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #097fa18bae8e5e9a Filesystem access.
pkgs/python/[email protected]/azure/identity/_credentials/workload_identity.py:33
            with open(self._token_file_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ced74ac80bcd2f12 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/workload_identity.py:79
        tenant_id = tenant_id or os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32fbde63c27250c0 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/workload_identity.py:80
        client_id = client_id or os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb3c5abe7db2f050 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_credentials/workload_identity.py:81
        token_file_path = token_file_path or os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c22223cb06e66561 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_internal/msal_credentials.py:39
        self._regional_authority = os.environ.get(EnvironmentVariables.AZURE_REGIONAL_AUTHORITY_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #928ff0ad02c2595a Environment-variable access.
pkgs/python/[email protected]/azure/identity/_internal/utils.py:90
    authority = os.environ.get(EnvironmentVariables.AZURE_AUTHORITY_HOST, KnownAuthorities.AZURE_PUBLIC_CLOUD)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e75a9f8f677434e Environment-variable access.
pkgs/python/[email protected]/azure/identity/_internal/utils.py:151
    if default_tenant == "adfs" or os.environ.get(EnvironmentVariables.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84d1fa82c0ddf91d Environment-variable access.
pkgs/python/[email protected]/azure/identity/_internal/utils.py:207
    token_credentials_env = os.environ.get(EnvironmentVariables.AZURE_TOKEN_CREDENTIALS, "").strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aef6a33a09fa612f Environment-variable access.
pkgs/python/[email protected]/azure/identity/_persistent_cache.py:88
    if sys.platform.startswith("win") and "LOCALAPPDATA" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #176c680b86b15ae4 Environment-variable access.
pkgs/python/[email protected]/azure/identity/_persistent_cache.py:89
        cache_location = os.path.join(os.environ["LOCALAPPDATA"], ".IdentityService", cache_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64c4bbda718e9ab8 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/azd_cli.py:221
            env=dict(os.environ, NO_COLOR="true"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70941d6026908e9b Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/azure_arc.py:19
        url = os.environ.get(EnvironmentVariables.IDENTITY_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63a5a7e4d75c40b8 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/azure_arc.py:20
        imds = os.environ.get(EnvironmentVariables.IMDS_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb3ba72468824a7e Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/azure_cli.py:226
            env=dict(os.environ, AZURE_CORE_NO_COLOR="true"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f931bf9707b4f429 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/cloud_shell.py:21
        url = os.environ.get(EnvironmentVariables.MSI_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #035ebcd78224697a Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:135
        shared_cache_username = kwargs.pop("shared_cache_username", os.environ.get(EnvironmentVariables.AZURE_USERNAME))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f1d4e02170c6942 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:137
            "shared_cache_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd757013215d20bb Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:141
            "managed_identity_client_id", os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #043c2e398545f2c9 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:145
            "workload_identity_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e281bdc3ad755d8 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:150
        token_credentials_env = os.environ.get(EnvironmentVariables.AZURE_TOKEN_CREDENTIALS, "").strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68114ded98ec5995 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/default.py:231
                        token_file_path=os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c7e4b993423bf80 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:57
        if all(os.environ.get(v) is not None for v in EnvironmentVariables.CLIENT_SECRET_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daff58ea4446bc1b Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:59
                client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12188ac3556c1061 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:60
                client_secret=os.environ[EnvironmentVariables.AZURE_CLIENT_SECRET],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f69fb05afd69c632 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:61
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #289cb0d3b7f10ec7 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:64
        elif all(os.environ.get(v) is not None for v in EnvironmentVariables.CERT_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #947ecb4d076859f8 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:66
                client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bde6368cbcfdfb8a Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:67
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36898ae535c72cff Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:68
                certificate_path=os.environ[EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PATH],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f2ae583538096b7 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:69
                password=os.environ.get(EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PASSWORD),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa68a61aab6a6b49 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:71
                    os.environ.get(EnvironmentVariables.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN, False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c866f3f7a3016170 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/environment.py:80
            set_variables = [v for v in expected_variables if v in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb1d19deb425a9fd Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/imds.py:54
        if EnvironmentVariables.AZURE_POD_IDENTITY_AUTHORITY_HOST in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #988c2ee9291ecfa6 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:54
        if os.environ.get(EnvironmentVariables.IDENTITY_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ba6b7df8b9d33a8 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:55
            if os.environ.get(EnvironmentVariables.IDENTITY_HEADER):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3620ad80951ff298 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:56
                if os.environ.get(EnvironmentVariables.IDENTITY_SERVER_THUMBPRINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c592e03cf4d0026f Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:70
            elif os.environ.get(EnvironmentVariables.IMDS_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c85ea6650c4f2ae Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:75
        elif os.environ.get(EnvironmentVariables.MSI_ENDPOINT):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e84481c127f2b797 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:76
            if os.environ.get(EnvironmentVariables.MSI_SECRET):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb165af84f42dc35 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:87
            all(os.environ.get(var) for var in EnvironmentVariables.WORKLOAD_IDENTITY_VARS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb937c8523c31f81 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:92
            workload_client_id = client_id or os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32d365a6e27b5503 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:103
                tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afc1149ae4272eb5 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/managed_identity.py:105
                token_file_path=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab9e9e44c6790afa Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/workload_identity.py:57
        tenant_id = tenant_id or os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4b30209afbc338d Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/workload_identity.py:58
        client_id = client_id or os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbfe4d7018e64a08 Environment-variable access.
pkgs/python/[email protected]/azure/identity/aio/_credentials/workload_identity.py:59
        token_file_path = token_file_path or os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dde76a6d0b1458f0 Environment-variable access.
pkgs/python/[email protected]/samples/control_interactive_prompts.py:17
VAULT_URL = os.environ.get("VAULT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aefeee6b30a94283 Environment-variable access.
pkgs/python/[email protected]/samples/credential_creation_code_snippets.py:360
        system_access_token=os.environ["SYSTEM_ACCESSTOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03c45f828d678b50 Environment-variable access.
pkgs/python/[email protected]/samples/credential_creation_code_snippets.py:374
        system_access_token=os.environ["SYSTEM_ACCESSTOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40100314014466b3 Environment-variable access.
pkgs/python/[email protected]/samples/key_vault_cert.py:19
VAULT_URL = os.environ["VAULT_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #780294e41e5a3623 Environment-variable access.
pkgs/python/[email protected]/samples/user_authentication.py:14
VAULT_URL = os.environ.get("VAULT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

boto3

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling reachable #8ec90375278440f6 Filesystem access.
pkgs/python/[email protected]/boto3/docs/__init__.py:50
        with open(service_doc_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cc880ebc605cd0e7 Filesystem access.
pkgs/python/[email protected]/boto3/docs/service.py:200
            with open(examples_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d382d0efb7daaa94 Filesystem access.
pkgs/python/[email protected]/setup.py:24
    init = open(os.path.join(ROOT, 'boto3', '__init__.py')).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1a27dfe9f262dd5 Filesystem access.
pkgs/python/[email protected]/setup.py:32
    long_description=open('README.rst').read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

browserbase

python dependency
expand_more 21 low-confidence finding(s)
low env_fs tooling reachable #e8ee800a2d0e0670 Environment-variable access.
pkgs/python/[email protected]/examples/__init__.py:11
_BROWSERBASE_API_KEY = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #46dfa0349bb9f241 Environment-variable access.
pkgs/python/[email protected]/examples/__init__.py:15
_BROWSERBASE_PROJECT_ID = os.environ.get("BROWSERBASE_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4fe31c03241a46d6 Environment-variable access.
pkgs/python/[email protected]/examples/e2e/test_playwright.py:23
CI = os.getenv("CI", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f0ee66ee4544972b Filesystem access.
pkgs/python/[email protected]/examples/playwright_extensions.py:42
        with open(f"{path}.zip", "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1205615b183c48f3 Environment-variable access.
pkgs/python/[email protected]/src/browserbase/_client.py:92
            api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e692e2eb363c8ce Environment-variable access.
pkgs/python/[email protected]/src/browserbase/_client.py:100
            base_url = os.environ.get("BROWSERBASE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f49437b96340a77 Environment-variable access.
pkgs/python/[email protected]/src/browserbase/_client.py:104
        custom_headers_env = os.environ.get("BROWSERBASE_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68f6c6dbcf20307f Environment-variable access.
pkgs/python/[email protected]/src/browserbase/_client.py:317
            api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c811a86424ff1855 Environment-variable access.
pkgs/python/[email protected]/src/browserbase/_client.py:325
            base_url = os.environ.get("BROWSERBASE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ca6d4371f8f60e1 Environment-variable access.
pkgs/python/[email protected]/src/browserbase/_client.py:329
        custom_headers_env = os.environ.get("BROWSERBASE_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99cb975b22eca293 Filesystem access.
pkgs/python/[email protected]/src/browserbase/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c9052b041dda503 Filesystem access.
pkgs/python/[email protected]/src/browserbase/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58faa9f45fe7064a Filesystem access.
pkgs/python/[email protected]/src/browserbase/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71a2b1ca1e4458c4 Filesystem access.
pkgs/python/[email protected]/src/browserbase/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e8eb0b95f2fec35 Environment-variable access.
pkgs/python/[email protected]/src/browserbase/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6987af5f9fc6ebff Filesystem access.
pkgs/python/[email protected]/src/browserbase/_response.py:497
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e24b428ef77c22ed Filesystem access.
pkgs/python/[email protected]/src/browserbase/_response.py:539
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3cedee6f5a701db Environment-variable access.
pkgs/python/[email protected]/src/browserbase/_utils/_logs.py:17
    env = os.environ.get("BROWSERBASE_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17ee85293694605d Filesystem access.
pkgs/python/[email protected]/src/browserbase/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #775798e3f3822b12 Filesystem access.
pkgs/python/[email protected]/src/browserbase/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #770581f46764dde6 Filesystem access.
pkgs/python/[email protected]/src/browserbase/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cel-python

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #3f454553da19c483 Environment-variable access.
pkgs/python/[email protected]/features/environment.py:42
        context.data['runner'] = RUNNERS[os.environ.get("CEL_RUNNER", "interpreted")]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d987307d1e90cae Filesystem access.
pkgs/python/[email protected]/features/steps/cli_binding.py:62
    temp.write_text("\n".join(context.data['json']) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80149fbaa2d7f0a6 Environment-variable access.
pkgs/python/[email protected]/src/celpy/__main__.py:123
        value_text = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b87afe24050e8ac Filesystem access.
pkgs/python/[email protected]/src/celpy/__main__.py:543
    config_toml = config_paths[0].read_text() if config_paths else DEFAULT_CONFIG_TOML

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #474b66c9fc521800 Filesystem access.
pkgs/python/[email protected]/src/celpy/celparser.py:109
            CEL_grammar = (Path(__file__).parent / "cel.lark").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ee71c6fa518a5b1 Environment-variable access.
pkgs/python/[email protected]/src/celpy/evaluation.py:1374
    if os.environ.get("CEL_TRACE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #adb428c959676169 Filesystem access.
pkgs/python/[email protected]/tools/gherkinize.py:1076
        with open(path, encoding="utf_8") as file_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9812759519effc04 Filesystem access.
pkgs/python/[email protected]/tools/gherkinize.py:1093
            with open(path, "w", encoding="utf_8") as file_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

certifi

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #f4618187fe694a7f Filesystem access.
pkgs/python/[email protected]/certifi/core.py:47
        return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5734ca04d78475ae Filesystem access.
pkgs/python/[email protected]/certifi/core.py:83
        return read_text("certifi", "cacert.pem", encoding="ascii")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed1b356fafb79af5 Filesystem access.
pkgs/python/[email protected]/setup.py:17
with open("certifi/__init__.py") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37adfe9796be200f Filesystem access.
pkgs/python/[email protected]/setup.py:30
    long_description=open("README.rst").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

click

python dependency
expand_more 31 low-confidence finding(s)
low env_fs dependency Excluded from app score #953b61c4c4b25270 Filesystem access.
pkgs/python/[email protected]/src/click/_compat.py:366
        return open(file, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a12478687da25402 Filesystem access.
pkgs/python/[email protected]/src/click/_compat.py:368
    return open(file, mode, encoding=encoding, errors=errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #384c87c69d1dad6c Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:418
    pager_cmd_parts = shlex.split(os.environ.get("PAGER", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0de32c41d3eddb4 Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:424
    if os.environ.get("TERM") in ("dumb", "emacs"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea86ae94ef5f3d92 Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:516
    env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2bd326736b2e899 Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:521
        less_flags = f"{os.environ.get('LESS', '')}{' '.join(cmd_params)}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #438190424358f9ed Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:673
            rv = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f279b5a7f9f8620 Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:695
            environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e97ae025e27992d8 Filesystem access.
pkgs/python/[email protected]/src/click/_termui_impl.py:761
            with open(name, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8de064813fb2b624 Filesystem access.
pkgs/python/[email protected]/src/click/_termui_impl.py:790
        null = open("/dev/null", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc6ec7e2d1910d19 Filesystem access.
pkgs/python/[email protected]/src/click/_termui_impl.py:916
            f = open("/dev/tty")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b21562b5702bc31d Filesystem access.
pkgs/python/[email protected]/src/click/core.py:1243
                formatter.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22f507bd7f59d341 Filesystem access.
pkgs/python/[email protected]/src/click/core.py:1264
                formatter.write_text(epilog)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d5ac6b499600fbd Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:1557
        instruction = os.environ.get(complete_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f54084326155f5e Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:2631
            rv = os.environ.get(self.envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1de37108819946e7 Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:2637
                rv = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff26192cc68900bb Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:3402
            rv = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17e7a9ca4e5e9d25 Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:371
        cwords = split_arg_string(os.environ["COMP_WORDS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60e23abe88e496f7 Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:372
        cword = int(os.environ["COMP_CWORD"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c0c0283ff49e0df Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:393
        cwords = split_arg_string(os.environ["COMP_WORDS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25b50562cdab9f8b Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:394
        cword = int(os.environ["COMP_CWORD"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3974f8df7b14d47 Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:429
        cwords = split_arg_string(os.environ["COMP_WORDS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b5565fe995aea4c Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:430
        incomplete = os.environ["COMP_CWORD"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f8a92ec19693134 Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:567
                old_env[key] = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ae473ebf55d8b0c Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:570
                        del os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ea1fd54bff3b289 Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:574
                    os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a57c3f2952c72996 Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:580
                        del os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2392cb6829caf965 Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:584
                    os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb74c3b4be8e7911 Filesystem access.
pkgs/python/[email protected]/src/click/utils.py:149
                open(filename, mode).close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #811ff207f293bfe1 Environment-variable access.
pkgs/python/[email protected]/src/click/utils.py:506
        folder = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae3f875f22abbf1a Environment-variable access.
pkgs/python/[email protected]/src/click/utils.py:517
        os.environ.get("XDG_CONFIG_HOME", os.path.expanduser("~/.config")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

contextual-client

python dependency
expand_more 17 low-confidence finding(s)
low env_fs dependency Excluded from app score #10102a4e8ed91861 Environment-variable access.
pkgs/python/[email protected]/src/contextual/_client.py:89
            api_key = os.environ.get("CONTEXTUAL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f07ff3445b58a65 Environment-variable access.
pkgs/python/[email protected]/src/contextual/_client.py:91
            if os.getenv('SNOWFLAKE_INTERNAL_API_SERVICE', False):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a6dfa1053b3fd2e Environment-variable access.
pkgs/python/[email protected]/src/contextual/_client.py:100
            base_url = os.environ.get("CONTEXTUAL_AI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #286cee2bc1527e87 Environment-variable access.
pkgs/python/[email protected]/src/contextual/_client.py:312
            api_key = os.environ.get("CONTEXTUAL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67e8b7e4bd326819 Environment-variable access.
pkgs/python/[email protected]/src/contextual/_client.py:314
            if os.getenv('SNOWFLAKE_INTERNAL_API_SERVICE', False):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6fb866bc92fc82b Environment-variable access.
pkgs/python/[email protected]/src/contextual/_client.py:323
            base_url = os.environ.get("CONTEXTUAL_AI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d24f76e32bd8d28 Filesystem access.
pkgs/python/[email protected]/src/contextual/_files.py:67
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ad395d3034aae4d Filesystem access.
pkgs/python/[email protected]/src/contextual/_files.py:79
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b7aa59fc3ed22b4 Filesystem access.
pkgs/python/[email protected]/src/contextual/_files.py:109
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52867226ea4b6054 Filesystem access.
pkgs/python/[email protected]/src/contextual/_files.py:121
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8f65f2f24b6aa6f Environment-variable access.
pkgs/python/[email protected]/src/contextual/_models.py:97
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d53bb237f162adf Filesystem access.
pkgs/python/[email protected]/src/contextual/_response.py:494
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c15fa95ee62a824b Filesystem access.
pkgs/python/[email protected]/src/contextual/_response.py:536
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39a964100e5e7be2 Environment-variable access.
pkgs/python/[email protected]/src/contextual/_utils/_logs.py:17
    env = os.environ.get("CONTEXTUAL_AI_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af3a2f07ef15123e Filesystem access.
pkgs/python/[email protected]/src/contextual/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5827ad848a29ff6a Filesystem access.
pkgs/python/[email protected]/src/contextual/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #328c67f4b19004a5 Filesystem access.
pkgs/python/[email protected]/src/contextual/_utils/_utils.py:367
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

crewai-files

python dependency
expand_more 16 low-confidence finding(s)
low env_fs dependency Excluded from app score #592e267eb253ca03 Filesystem access.
pkgs/python/[email protected]/src/crewai_files/core/sources.py:263
            self._content = self.path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cba1dddc0d04a76 Filesystem access.
pkgs/python/[email protected]/src/crewai_files/core/sources.py:282
        with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c92ed76fd9ca5f60 Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/formatting/api.py:294
        s3_bucket = os.environ.get("CREWAI_BEDROCK_S3_BUCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d35e155dc67a7a7 Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/formatting/api.py:333
        s3_bucket_owner = os.environ.get("CREWAI_BEDROCK_S3_BUCKET_OWNER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a60239b1378dd111 Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/uploaders/anthropic.py:39
        self._api_key = api_key or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52be156e0d4460b6 Filesystem access.
pkgs/python/[email protected]/src/crewai_files/uploaders/bedrock.py:94
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d992ce53220a51a Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/uploaders/bedrock.py:128
        self._bucket_name = bucket_name or os.environ.get("CREWAI_BEDROCK_S3_BUCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f64643f4f883d8c9 Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/uploaders/bedrock.py:129
        self._bucket_owner = bucket_owner or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #151cef0186cf4c1a Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/uploaders/bedrock.py:129
        self._bucket_owner = bucket_owner or os.environ.get(
            "CREWAI_BEDROCK_S3_BUCKET_OWNER"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9e4441e5964067c Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/uploaders/bedrock.py:133
        self._region = region or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3aae91bf6b941b9 Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/uploaders/bedrock.py:133
        self._region = region or os.environ.get(
            "AWS_REGION", os.environ.get("AWS_DEFAULT_REGION")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5295ef531ef008c7 Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/uploaders/bedrock.py:134
            "AWS_REGION", os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85613f45e2344833 Filesystem access.
pkgs/python/[email protected]/src/crewai_files/uploaders/bedrock.py:269
                with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7425cdb16a4488f Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/uploaders/factory.py:192
            not os.environ.get("CREWAI_BEDROCK_S3_BUCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f15087e3b46cfd9a Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/uploaders/gemini.py:108
        self._api_key = api_key or os.environ.get("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d227973be5b1418f Environment-variable access.
pkgs/python/[email protected]/src/crewai_files/uploaders/openai.py:136
        self._api_key = api_key or os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cryptography

python dependency
expand_more 22 low-confidence finding(s)
low env_fs tooling reachable #0ecf41d5bcfa2ca0 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:88
with open(os.path.join(base_dir, "src", "cryptography", "__about__.py")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cd4e1c34dc46aeb2 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py:52
    with open(filename) as vector_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #07806e31d74f4f48 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py:81
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b741cec32a29d140 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/arc4/generate_arc4.py:92
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #485e5a8447c74917 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/cast5/generate_cast5.py:28
    with open(filename) as vector_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #98fa0a4d6d969fc7 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/cast5/generate_cast5.py:52
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c6755525fb04d4d4 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/hkdf/generate_hkdf.py:34
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ddb8373b03acf019 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/idea/generate_idea.py:18
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #91dbfb303c499b22 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/idea/generate_idea.py:50
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #409c539b239a67ca Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/idea/verify_idea.py:22
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a065f8e0f9917bce Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py:98
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #73671eccdfcc3192 Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/seed/generate_seed.py:18
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c55ce88f4a9332ca Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/seed/generate_seed.py:49
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #aac00bea0ff999ae Filesystem access.
pkgs/python/[email protected]/docs/development/custom-vectors/seed/verify_seed.py:20
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2976e39a2f3e03c7 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:64
        rustflags = os.environ.get("RUSTFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e6e6e2835ec4147 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:239
    rustflags = os.environ.get("RUSTFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca532469ef915154 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:291
    if "CARGO_INCREMENTAL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1c79380c2603354 Filesystem access.
pkgs/python/[email protected]/noxfile.py:406
        with open(f"{uuid.uuid4()}.lcov", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a133dda79ce401c Filesystem access.
pkgs/python/[email protected]/release.py:54
    content = p.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84fe15956680ba27 Filesystem access.
pkgs/python/[email protected]/release.py:60
    p.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #244a192333cdac45 Environment-variable access.
pkgs/python/[email protected]/src/_cffi_src/build_openssl.py:49
    out_dir = os.environ["OUT_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7f5aecb1a43c4ac Filesystem access.
pkgs/python/[email protected]/src/_cffi_src/utils.py:16
with open(os.path.join(base_src, "cryptography", "__about__.py")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

docling-core

python dependency
expand_more 23 low-confidence finding(s)
low env_fs dependency Excluded from app score #bd3de935e1e3c4bf Filesystem access.
pkgs/python/[email protected]/docling_core/cli/serialize.py:125
        output.write_text(result, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76bccd0d75772481 Filesystem access.
pkgs/python/[email protected]/docling_core/cli/view.py:72
    target_path.write_text(html_output, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #977b38db24667b70 Filesystem access.
pkgs/python/[email protected]/docling_core/transforms/chunker/tokenizer/huggingface.py:38
                with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d833f6eedbbe7d8 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:6227
        filename.write_text(json.dumps(out, indent=indent), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f44d838e53249ff Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:6242
        return cls.model_validate_json(filename.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7749690357ef25f8 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:6272
        filename.write_text(stream.getvalue(), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7177fd169b2ae1a Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:6286
        data = yaml.load(filename.read_text(encoding="utf-8"), Loader=yaml.SafeLoader)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9aaab048b88b244 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:6362
        filename.write_text(md_out, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eddc2379031d9820 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:6616
        filename.write_text(html_out, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d063bfbb820257af Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:6787
        filename.write_text(vtt_out, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4793d14ce72fa9b2 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:7398
        filename.write_text(out, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d236eebf8d18a816 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:7491
        filename.write_text(f"{out}\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f35f85c2601f825a Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:7528
            document_path.write_text(f"{serializer.serialize().text}\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4003ae80556367f1 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/document.py:7594
            document_xml.read_text(encoding="utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc695a718683214c Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/page.py:691
        filename.write_text(json.dumps(out, indent=indent), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61278fc1ffb298f7 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/page.py:705
        return cls.model_validate_json(filename.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2020b46ed9e11059 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/page.py:1391
        filename.write_text(json.dumps(out, indent=indent), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6452b33fe9d923d1 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/page.py:1405
        return cls.model_validate_json(filename.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ab918aac9589758 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/page.py:1450
        filename.write_text(json.dumps(out, indent=indent), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36e019c492efb54b Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/page.py:1464
        return cls.model_validate_json(filename.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd1a6befe3b08128 Filesystem access.
pkgs/python/[email protected]/docling_core/types/doc/utils.py:124
            with zf.open(member) as src, open(target, "wb") as dst:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19cfc8423619462b Filesystem access.
pkgs/python/[email protected]/docling_core/utils/file.py:242
            stream = BytesIO(local_path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4edc79a260c6a650 Filesystem access.
pkgs/python/[email protected]/docling_core/utils/generate_docs.py:48
        output_file.write_text(json.dumps(json_schema, ensure_ascii=False, indent=2), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

exa-py

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #7fb4939fc12034e2 Environment-variable access.
pkgs/python/[email protected]/exa_py/api.py:50
is_beta = os.getenv("IS_BETA") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #575724cd778740e9 Environment-variable access.
pkgs/python/[email protected]/exa_py/api.py:1440
            api_key = os.environ.get("EXA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4121b1dced73bef5 Filesystem access.
pkgs/python/[email protected]/exa_py/utils.py:185
            with open(pyproject_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #596c6cfdf3194870 Filesystem access.
pkgs/python/[email protected]/exa_py/websets/imports/client.py:54
                with open(csv_data, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0973270e2b97c69d Filesystem access.
pkgs/python/[email protected]/exa_py/websets/imports/client.py:217
                with open(csv_data, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gitpython

python dependency
expand_more 55 low-confidence finding(s)
low env_fs dependency Excluded from app score #282ef8651913a01a Filesystem access.
pkgs/python/[email protected]/doc/source/conf.py:50
with open(os.path.join(os.path.dirname(__file__), "..", "..", "VERSION")) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dadd09b97f921db0 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:663
    GIT_PYTHON_TRACE = os.environ.get("GIT_PYTHON_TRACE", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53345efbeac8724e Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:779
            new_git = os.environ.get(cls._git_exec_env_var, cls.git_exec_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72ba4990a5ace7fb Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:828
                mode = os.environ.get(cls._refresh_env_var, "raise").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d6f688c2aae1a66 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:1256
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ceff6ba5bdcb4887 Filesystem access.
pkgs/python/[email protected]/git/cmd.py:1278
        stdout_sink = PIPE if with_stdout else getattr(subprocess, "DEVNULL", None) or open(os.devnull, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e020e07e820b3841 Environment-variable access.
pkgs/python/[email protected]/git/config.py:259
        config_home = os.environ.get("XDG_CONFIG_HOME") or osp.join(os.environ.get("HOME", "~"), ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfd1656f680a7f52 Filesystem access.
pkgs/python/[email protected]/git/config.py:650
                    with open(file_path, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6f1446274eb477c Filesystem access.
pkgs/python/[email protected]/git/config.py:768
            with open(fp, "wb") as fp_open:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fc0efe81cda804f Filesystem access.
pkgs/python/[email protected]/git/index/base.py:705
                return open(filepath, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a415b519c6e7e111 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:1180
        with open(self._commit_editmsg_filepath(), "wb") as commit_editmsg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b0252bab7fabed9 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:1187
        with open(self._commit_editmsg_filepath(), "rb") as commit_editmsg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13a6b5495f5f6a1e Environment-variable access.
pkgs/python/[email protected]/git/index/fun.py:89
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de68385763e96413 Environment-variable access.
pkgs/python/[email protected]/git/objects/commit.py:664
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55aa64fd0c3d557c Filesystem access.
pkgs/python/[email protected]/git/objects/submodule/base.py:428
        with open(git_file, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc0adca8bfdc0088 Filesystem access.
pkgs/python/[email protected]/git/refs/log.py:267
        with open(filepath, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83d5a6e77b26aac7 Filesystem access.
pkgs/python/[email protected]/git/refs/log.py:363
            fd = open(filepath, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e82f57126a05153 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:152
            with open(cls._get_packed_refs_path(repo), "rt", encoding="UTF-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b3aefbee8a32861 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:265
            with open(os.path.join(repodir, ref_path), "rt", encoding="UTF-8") as fp:  # type: ignore[arg-type]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baef32b3219c2dfe Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:668
                with open(pack_file_path, "rb") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac2e399a183d912d Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:696
                    with open(pack_file_path, "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db87f08cf481b014 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:738
            with open(abs_ref_path, "rb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e73c3added22496d Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:822
                with open(new_abs_path, "rb") as fd1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c936612662da652 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:824
                with open(cur_abs_path, "rb") as fd2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e0352637a338812 Filesystem access.
pkgs/python/[email protected]/git/remote.py:915
        with open(fetch_head.abspath, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc33ac82286d7d25 Environment-variable access.
repo/base.py:216
        epath = path or os.getenv("GIT_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5050f97a78ee9542 Environment-variable access.
repo/base.py:252
                if "GIT_WORK_TREE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85e605d19cbc01bd Environment-variable access.
repo/base.py:253
                    self._working_tree_dir = os.getenv("GIT_WORK_TREE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39ceba7b30e549cc Filesystem access.
repo/base.py:257
                    with open(osp.join(git_dir, "gitdir")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59f38b4980d096b0 Environment-variable access.
repo/base.py:280
                if os.environ.get("GIT_COMMON_DIR") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07822c2fef7c50f5 Environment-variable access.
repo/base.py:284
                if "GIT_WORK_TREE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ba1de75a7830fd3 Environment-variable access.
repo/base.py:285
                    self._working_tree_dir = os.getenv("GIT_WORK_TREE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #568f9645e9f38456 Filesystem access.
repo/base.py:321
            common_dir = (Path(self.git_dir) / "commondir").read_text().splitlines()[0].strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73f16c1117fcb04d Filesystem access.
repo/base.py:382
        with open(filename, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c612cb5007f74ce Filesystem access.
repo/base.py:388
        with open(filename, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47f4f659f776bb40 Environment-variable access.
repo/base.py:663
            config_home = os.environ.get("XDG_CONFIG_HOME") or osp.join(os.environ.get("HOME", "~"), ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49f966edbf4fbf12 Filesystem access.
repo/base.py:922
            with open(alternates_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0e2eeb18fda5895 Filesystem access.
repo/base.py:945
            with open(alternates_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69d45f5e23304b2a Filesystem access.
repo/base.py:1661
        with open(rebase_head_file, "rt") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #952353bc5b4514bd Filesystem access.
repo/fun.py:55
    with open(filename, "ab"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32c804bdb9b43285 Environment-variable access.
repo/fun.py:69
        if (osp.isdir(osp.join(d, "objects")) or "GIT_OBJECT_DIRECTORY" in os.environ) and osp.isdir(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b33da84df5fbb53a Filesystem access.
repo/fun.py:93
        lines = Path(dotgit).read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f5dd3b9448f6517 Filesystem access.
repo/fun.py:108
        with open(d) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe6aecb0d773d89b Environment-variable access.
pkgs/python/[email protected]/git/util.py:122
        value = os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97f6daa42fddfd99 Environment-variable access.
pkgs/python/[email protected]/git/util.py:201
    old_value = os.getenv(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cd89313901eb85c Environment-variable access.
pkgs/python/[email protected]/git/util.py:202
    os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #807dbc549b2215a2 Environment-variable access.
pkgs/python/[email protected]/git/util.py:207
            del os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dbbbeacd39eb9a3 Environment-variable access.
pkgs/python/[email protected]/git/util.py:209
            os.environ[name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe216cfe64670cb1 Environment-variable access.
pkgs/python/[email protected]/git/util.py:338
    PATHEXT = os.environ.get("PATHEXT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d04b38162395e66b Environment-variable access.
pkgs/python/[email protected]/git/util.py:374
        path = os.environ["PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff3fbda33f0b0bec Environment-variable access.
pkgs/python/[email protected]/git/util.py:865
                val = os.environ[evar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1ccdf12ea25c8a1 Filesystem access.
pkgs/python/[email protected]/git/util.py:1051
            with open(lock_file, mode="w"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d74c69cf9605ce7b Filesystem access.
pkgs/python/[email protected]/setup.py:14
    return (Path(__file__).parent / path).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b17f788273cebfa9 Filesystem access.
pkgs/python/[email protected]/setup.py:49
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #237f31df451e53d9 Filesystem access.
pkgs/python/[email protected]/setup.py:59
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-genai

python dependency
expand_more 37 low-confidence finding(s)
low env_fs dependency Excluded from app score #c579a76332e0734f Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:110
  env_google_api_key = os.environ.get('GOOGLE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0f9b8800ff70530 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:111
  env_gemini_api_key = os.environ.get('GEMINI_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5e3529a7345f3a0 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:616
      env_enterprise_str = os.environ.get('GOOGLE_GENAI_USE_ENTERPRISE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e33b27385761a66 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:617
      env_vertexai_str = os.environ.get('GOOGLE_GENAI_USE_VERTEXAI', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #178b9e0a5f0bdb92 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:677
    env_project = os.environ.get('GOOGLE_CLOUD_PROJECT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef2633af6d7909f6 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:678
    env_location = os.environ.get('GOOGLE_CLOUD_LOCATION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fe83353a45e3597 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1046
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddef96dc1338a39b Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1047
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b4f49f81cfff77b Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1100
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #691a0ab64b3ed80a Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1101
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76a96dbdb2191872 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1158
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b99aca8fc3cdf3d Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1159
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c9e4db123b16c7f Filesystem access.
pkgs/python/[email protected]/google/genai/_api_client.py:1764
      with open(file_path, 'rb') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2939cec6c56102e Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:48
    return _default_base_vertex_url or os.getenv('GOOGLE_VERTEX_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e6800a9082d63cc Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:50
    return _default_base_gemini_url or os.getenv('GOOGLE_GEMINI_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58f18c5af1d52e0d Filesystem access.
pkgs/python/[email protected]/google/genai/_gaos/types/base64fileinput.py:39
            with open(value, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f9e2d3020a8ef97 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/logger.py:40
    if os.getenv("GOOGLE_GENAI_DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fca1aba20ba4390d Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:95
    if os.getenv("GOOGLE_GENAI_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0037d77ede66db2b Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:96
        security_dict["api_key"] = os.getenv("GOOGLE_GENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2125be1626404371 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:98
    if os.getenv("GOOGLE_GENAI_ACCESS_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abb9d62aa6b58778 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:99
        security_dict["access_token"] = os.getenv("GOOGLE_GENAI_ACCESS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96711a2da6e40469 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:101
    if os.getenv("GOOGLE_GENAI_DEFAULT_HEADERS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6aee5f6fbfa14f4 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:102
        security_dict["default_headers"] = os.getenv("GOOGLE_GENAI_DEFAULT_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285f41754837df00 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/values.py:79
    env_value = os.getenv(env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e12fd6ba92d8e06f Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:111
  with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f957309869514839 Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:128
    with open(tmp_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a8c481cae6531ac Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:223
      os.environ.get('PYTEST_CURRENT_TEST'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d85bb11720b3c18d Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:315
      self.replays_directory = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c9fb2f0d9b025d6 Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:315
      self.replays_directory = os.environ.get(
          'GOOGLE_GENAI_REPLAYS_DIRECTORY', None
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baba7b95cd7908c5 Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:359
      with open(replay_file_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5239648023fd4a83 Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:386
    with open(replay_file_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44a15b93657a5de9 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:197
      default_factory=lambda: os.getenv('GOOGLE_GENAI_CLIENT_MODE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69c121a1e7f85647 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:201
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAYS_DIRECTORY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08718a7dde22cc9a Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:205
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAY_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b34316c4533c990f Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:9036
    image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f43ea23affee8d8 Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:11421
    video_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6507ead8bf90fc2f Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:22491
    with open(file_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #886a4c82260572d8 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:34
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #950f38c956f57039 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:35
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69df1c90ae04b4cc Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:36
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eb231acd71513c1 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:37
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

hyperbrowser

python dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #6eaaba170ab2abce Environment-variable access.
pkgs/python/[email protected]/hyperbrowser/client/base.py:25
                    else os.environ.get("HYPERBROWSER_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efe4e5efa1f9b9e3 Environment-variable access.
pkgs/python/[email protected]/hyperbrowser/client/base.py:30
                    else os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cfe63101672eb6d Environment-variable access.
pkgs/python/[email protected]/hyperbrowser/client/base.py:30
                    else os.environ.get(
                        "HYPERBROWSER_BASE_URL", "https://api.hyperbrowser.ai"
                    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d0b5fdd9478c0ca Filesystem access.
pkgs/python/[email protected]/hyperbrowser/client/managers/async_manager/extension.py:27
            files={"file": open(file_path, "rb")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2012e50d436ebc68 Filesystem access.
pkgs/python/[email protected]/hyperbrowser/client/managers/async_manager/session.py:142
            with open(file_input, "rb") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #549977ac7c423a6a Filesystem access.
pkgs/python/[email protected]/hyperbrowser/client/managers/sandboxes/image_build.py:150
    with open(artifact_path, "rb") as artifact:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49a17873387cef84 Filesystem access.
pkgs/python/[email protected]/hyperbrowser/client/managers/sync_manager/extension.py:27
            files={"file": open(file_path, "rb")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ddae9254efdf911 Filesystem access.
pkgs/python/[email protected]/hyperbrowser/client/managers/sync_manager/session.py:137
            with open(file_input, "rb") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56c0c2b6ba9be0de Environment-variable access.
pkgs/python/[email protected]/hyperbrowser/config.py:16
        api_key = os.environ.get("HYPERBROWSER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d621eaef103990e Environment-variable access.
pkgs/python/[email protected]/hyperbrowser/config.py:20
        base_url = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fbc41cc34e59455 Environment-variable access.
pkgs/python/[email protected]/hyperbrowser/config.py:20
        base_url = os.environ.get(
            "HYPERBROWSER_BASE_URL", "https://api.hyperbrowser.ai"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ibm-watsonx-ai

python dependency
expand_more 149 low-confidence finding(s)
low env_fs tooling reachable #bf17283396b2412e Environment-variable access.
pkgs/python/[email protected]/docs/utils.py:62
    Version.from_tag(os.environ["DOCUMENTATION_MAX_TAG"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ca75eb993ebd493a Environment-variable access.
pkgs/python/[email protected]/docs/utils.py:63
    if "DOCUMENTATION_MAX_TAG" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1e7e645fcb83275d Filesystem access.
pkgs/python/[email protected]/docs/write_redirects.py:51
        source_file_path.write_text(
            REDIRECT_HTML.format(target=target), encoding="utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60555ec33255b853 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/_wrappers/httpx/global_httpx_settings.py:24
        match os.environ.get("WX_CLIENT_VERIFY_REQUESTS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8da76b7c149979e Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/_wrappers/httpx_wrapper.py:316
    elif (env_max_retries := os.environ.get("WATSONX_MAX_RETRIES")) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #343b7ac4ef983916 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/_wrappers/httpx_wrapper.py:328
    elif (env_delay_time := os.environ.get("WATSONX_DELAY_TIME")) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a205ae3f7a91c907 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/_wrappers/httpx_wrapper.py:344
                    os.environ.get("WATSONX_RETRY_STATUS_CODES", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9f1a30726076c39 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/_wrappers/httpx_wrapper.py:349
            if os.environ.get("WATSONX_RETRY_STATUS_CODES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c984a839bd7fb17b Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/ai_services.py:1428
            filename.write_text(code, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20b98c7f04b464ea Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/client.py:410
            os.environ["DEPLOYMENT_PLATFORM"] = "private"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d51cced30f270268 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/client.py:473
                os.environ["DEPLOYMENT_PRIVATE"] = "icp4d"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bff20b38899a28e Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/client.py:879
            return (path / file_name).read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98bed5ac70809640 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/client.py:967
        if client_headers_env := os.environ.get("IBM_SDK_API_CLIENT_HEADERS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aec0e78bd252dc5 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/credentials.py:186
            return Path(filename).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5902c08684301dd2 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/credentials.py:207
                f(os.environ[k])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ed1f1d092117549 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/credentials.py:209
                if os.environ.get(k) is not None and os.environ.get(k) != ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dce202e3cfdece66 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/credentials.py:222
                os.environ[env_key] = str(self.__dict__[property_key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adebd59f99a161ac Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/data_loaders/datasets/base_documents.py:330
            get_max_sample_size_limit() if os.getenv("MEM", False) else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bd1d5792d1d1e78 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/data_loaders/datasets/tabular.py:431
            get_max_sample_size_limit() if os.getenv("MEM", False) else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e608d12334bd3c0 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/deployment/base_deployment.py:719
            with redirect_stdout(open(os.devnull, "w")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #840039b3ec80f0ef Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/deployment/base_deployment.py:734
                    with redirect_stdout(open(os.devnull, "w")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0efbf95a2bfba685 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/experiment/autoai/autoai.py:1131
                and environ.get("ENABLE_AUTOAI", "false").lower() == "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab33bf5861f94c8d Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/experiment/autoai/optimizers/local_auto_pipelines.py:140
            with redirect_stdout(open(os.devnull, "w")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e4e36205d381c2b Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/experiment/autoai/optimizers/local_auto_pipelines.py:552
            with redirect_stdout(open(os.devnull, "w")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afb89ce29db6a1b6 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/experiment/autoai/optimizers/local_auto_pipelines.py:683
        with redirect_stdout(open(os.devnull, "w")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8efd3e3fb19bf86 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/experiment/autoai/optimizers/local_auto_pipelines.py:732
        if "CPU" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e1eaa100cca6311 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/experiment/autoai/optimizers/local_auto_pipelines.py:735
                    f"train_id: {train_id} --- Using {os.environ.get('CPU', 1)} CPUs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a77993056b3f482 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/experiment/autoai/optimizers/local_auto_pipelines.py:739
                    self.params.get("cpus_available", os.environ.get("CPU", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2aefba786e48ce86 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/experiment/autoai/optimizers/local_auto_pipelines.py:753
        with redirect_stdout(open(os.devnull, "w")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72ab51cc5a97f865 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/experiment/autoai/optimizers/remote_auto_pipelines.py:882
            content = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8025fac9456e53c Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/foundation_models/embeddings/embeddings.py:644
            "verify": os.environ.get("WML_CLIENT_VERIFY_REQUESTS"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87fe6c7686f05d1b Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/foundation_models/extensions/rag/pattern/pattern.py:1014
            with open(CONFIG_PATH, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f29a4dc5ede8a76 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/functions.py:1445
            filename.write_text(file_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #157ecf2e600226b0 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:490
                os.environ.get("USER_ACCESS_TOKEN") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9034cc57ca58be39 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:491
                and os.environ.get("RUNTIME_ENV_ACCESS_TOKEN_FILE") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbc36999b85d6b63 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:575
                os.environ.get("USER_ACCESS_TOKEN") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6835569d46ebacb Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:576
                and os.environ.get("RUNTIME_ENV_ACCESS_TOKEN_FILE") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e01ca49d4eb47e6d Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:760
                os.environ.get("USER_ACCESS_TOKEN") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad64d7021e58b7a Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:761
                and os.environ.get("RUNTIME_ENV_ACCESS_TOKEN_FILE") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72e39b0e5e23dee7 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:1051
            with open(self.location.path, "rb") as data_buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a022e5843ecbabc4 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:1093
            with open(location_path, "rb") as data_buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23773b9ed41a868b Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:1137
            if os.environ.get("TRAINING_NFS_PATH"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #935eea59d8b0550c Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:1139
                base_path = Path(os.environ.get("TRAINING_NFS_PATH", ".")) / "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e80779d9ba9c2ac Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:1143
                buffer = io.BytesIO(data_path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4575f3a3b7b13d53 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:1724
        if os.environ.get("RUNTIME_ENV_ACCESS_TOKEN_FILE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc9b7e4c4679d8b4 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:1725
            with open(os.environ.get("RUNTIME_ENV_ACCESS_TOKEN_FILE"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4a12968ac0476de Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:1725
            with open(os.environ.get("RUNTIME_ENV_ACCESS_TOKEN_FILE"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cd156de1304be88 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:1728
            token = os.environ.get("USER_ACCESS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb0c192ee19267f2 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/base_data_connection.py:1763
            elif not os.environ.get("MEM", False):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f4883d34ec48e2a Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/connections.py:1099
                    or "USER_ACCESS_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1d342a60172699a Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/connections.py:1100
                    or "RUNTIME_ENV_ACCESS_TOKEN_FILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #167ceafda917c4df Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/connections.py:1415
                        os.environ.get("USER_ACCESS_TOKEN") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0894d58a3b76dca1 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/connections.py:1416
                        and os.environ.get("RUNTIME_ENV_ACCESS_TOKEN_FILE") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6549891e33d1e414 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/connections.py:1515
                        os.environ.get("USER_ACCESS_TOKEN") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #087943708bc5cc64 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/connections.py:1516
                        and os.environ.get("RUNTIME_ENV_ACCESS_TOKEN_FILE") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c57fd1fd448f01dd Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/connections.py:1644
                or "USER_ACCESS_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d2f6f3c9bfccca4 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/connections.py:1645
                or "RUNTIME_ENV_ACCESS_TOKEN_FILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c6cf89c41e03b2c Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_service.py:81
            not os.getenv("FLIGHT_SERVICE_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #801dcaf780dcb89b Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_service.py:100
                os.getenv("FLIGHT_SERVICE_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f55f207c05e01bf Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_service.py:101
                or os.getenv("ASSET_API_SERVICE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbc6397f78d2ead5 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_service.py:102
                or os.getenv("CATALOG_API_SERVICE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2834be631d019674 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_service.py:104
            flight_port = os.getenv("FLIGHT_SERVICE_PORT", "443")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e600d5ea6f663b5a Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_service.py:108
                runtime_flight_service_url = os.getenv("RUNTIME_FLIGHT_SERVICE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bce836e32bb79f5f Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_service.py:377
        if os.environ.get("TLS_ROOT_CERTS_PATH"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b16e92d304e0a3a Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_service.py:378
            self.additional_connection_args["tls_root_certs"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #467a772030307e09 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_service.py:378
            self.additional_connection_args["tls_root_certs"] = os.environ.get(
                "TLS_ROOT_CERTS_PATH"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb41a57e730d738f Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_sql_service.py:92
        if os.environ.get("TLS_ROOT_CERTS_PATH"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea55389362fd90d6 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_sql_service.py:93
            self.additional_connection_args["tls_root_certs"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2be92d7009f78bbd Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/connections/flight_sql_service.py:93
            self.additional_connection_args["tls_root_certs"] = os.environ.get(
                "TLS_ROOT_CERTS_PATH"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f25937ab1b4419d Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/helpers/helpers.py:87
    with open(script_name, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02b46ef8a93844dd Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/href_definitions.py:531
                    os.getenv("WATSONX_USE_PRIVATE_TOKEN_URL", "").lower().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a22d4723d4734a5 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/href_definitions.py:547
                    os.getenv("WATSONX_USE_PRIVATE_TOKEN_URL", "").lower().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97de8f11f97d6693 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/import_assets.py:71
        data = file_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d569410ba753db65 Filesystem access.
repo/TestRepoSaveLoad.py:45
        output_f = open(filepath, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ebb564b239ed731 Filesystem access.
repo/TestRepoSaveLoad.py:66
        modelArcFile = open(gz_file_name, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc5b80ecf3dc9b66 Environment-variable access.
repo/ml_api_client.py:42
        if 'DEPLOYMENT_PLATFORM' in os.environ and os.environ['DEPLOYMENT_PLATFORM'] == 'private':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8e1111d05ddcaf8 Environment-variable access.
repo/ml_api_client.py:71
        if 'DEPLOYMENT_PLATFORM' in os.environ and os.environ['DEPLOYMENT_PLATFORM'] == 'private':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcb66efc69d94133 Environment-variable access.
repo/mlrepository/artifact.py:65
                        if 'DEPLOYMENT_PRIVATE' in os.environ and os.environ['DEPLOYMENT_PRIVATE'] == 'icp4d':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e19cced4ab1724c4 Environment-variable access.
repo/mlrepository/artifact.py:70
                        if 'DEPLOYMENT_PRIVATE' in os.environ and os.environ['DEPLOYMENT_PRIVATE'] == 'icp4d':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7252ecb124b1179 Filesystem access.
repo/mlrepositoryartifact/function_artifact_loader.py:30
            gz_f = open(file_name, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64560832503e3d5c Filesystem access.
repo/mlrepositoryartifact/function_artifact_reader.py:26
        return open(self.archive_path, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47430c7cd012f808 Filesystem access.
repo/mlrepositoryartifact/generic_archive_pipeline_model_artifact.py:126
            with open(os.path.join(path, expected_file_name)) as data_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afcfb3cf5640de38 Filesystem access.
repo/mlrepositoryartifact/generic_file_artifact_loader.py:31
            gz_f = open(file_name, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d38059b4bf03e60 Filesystem access.
repo/mlrepositoryartifact/generic_file_reader.py:32
        return open(self.archive_path, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4f715e4b5f94cda Filesystem access.
repo/mlrepositoryartifact/hybrid_artifact_loader.py:47
            gz_f = open(gz_file_name, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2cc72324968271e Filesystem access.
repo/mlrepositoryartifact/hybrid_artifact_loader.py:80
            gz_f = open(output_file_name, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b2cdfe5169eb4e5 Filesystem access.
repo/mlrepositoryartifact/hybrid_pipeline_model_reader.py:56
        return open(self.archive_path, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11f7860758111f28 Filesystem access.
repo/mlrepositoryartifact/libraries_artifact_loader.py:35
            gz_f = open(file_name, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e38ce3413b228e8 Filesystem access.
repo/mlrepositoryartifact/libraries_artifact_reader.py:26
        return open(self.library, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63fd4e4af874a721 Filesystem access.
repo/mlrepositoryartifact/ml_repository_artifact.py:162
                sys.stderr = open(devnull, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b537cc3a63136cef Filesystem access.
repo/mlrepositoryartifact/runtimes_artifact_loader.py:35
            gz_f = open(file_name, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #519add0d3b8475ca Filesystem access.
repo/mlrepositoryartifact/runtimes_artifact_reader.py:26
        return open(self.runtimespec_path, 'rt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1f46e785db2f414 Filesystem access.
repo/mlrepositoryartifact/scikit_artifact_loader.py:41
            gz_f = open(gz_file_name, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #048cba86fdf21bd1 Filesystem access.
repo/mlrepositoryartifact/scikit_pipeline_model_artifact.py:29
        sys.stderr = open(os.devnull, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48175d31839fddc0 Filesystem access.
repo/mlrepositoryartifact/scikit_pipeline_reader.py:67
        return open(self.archive_path, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #432b4cf06af7c5a8 Filesystem access.
repo/mlrepositoryartifact/spark_artifact_loader.py:33
            gz_f = open(gz_file_name, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b256dd1c8f869c7 Environment-variable access.
repo/mlrepositoryartifact/spark_pipeline_reader.py:20
        self.hummingbird_env = os.getenv('HB_RUNTIME_PROVIDER', "").upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #490327c3cf705a1a Filesystem access.
repo/mlrepositoryartifact/spark_pipeline_reader.py:57
        return open(self.archive_path, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b0d1010cd49a8af Filesystem access.
repo/mlrepositoryartifact/tensorflow_artifact_loader.py:32
            gz_f = open(gz_file_name, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #420c0b906e0fb9cf Filesystem access.
repo/mlrepositoryartifact/tensorflow_pipeline_reader.py:67
        return open(self.archive_path, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94aa08ea09910fe4 Filesystem access.
repo/mlrepositoryartifact/xgboost_model_reader.py:55
        return open(self.archive_path, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1ccb38dc6b04458 Environment-variable access.
repo/mlrepositoryclient/ml_repository_api.py:39
        os.environ["DEPLOYMENT_PLATFORM"] = "private"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb80d0d882494942 Environment-variable access.
repo/mlrepositoryclient/ml_repository_api.py:40
        if 'DEPLOYMENT_PLATFORM' in os.environ and os.environ['DEPLOYMENT_PLATFORM'] == 'private':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7811ffab5fcf1549 Environment-variable access.
repo/mlrepositoryclient/ml_repository_api.py:73
        if 'DEPLOYMENT_PLATFORM' in os.environ and os.environ['DEPLOYMENT_PLATFORM'] == 'private':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91a54c80629479e0 Environment-variable access.
repo/mlrepositoryclient/ml_repository_api.py:210
        os.environ["DEPLOYMENT_PLATFORM"] = "private"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d82f66a0981fd6c9 Environment-variable access.
repo/mlrepositoryclient/ml_repository_api.py:211
        if 'DEPLOYMENT_PLATFORM' in os.environ and os.environ['DEPLOYMENT_PLATFORM'] == 'private':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea2570cb9f7219c3 Environment-variable access.
repo/mlrepositoryclient/ml_repository_api.py:238
        if 'DEPLOYMENT_PLATFORM' in os.environ and os.environ['DEPLOYMENT_PLATFORM'] == 'private':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b3e30945e725738 Environment-variable access.
repo/mlrepositoryclient/ml_repository_api.py:264
        if 'DEPLOYMENT_PLATFORM' in os.environ and os.environ['DEPLOYMENT_PLATFORM'] == 'private':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e655f8a6453bba60 Environment-variable access.
repo/mlrepositoryclient/model_collection.py:688
                if "DEPLOYMENT_PLATFORM" in os.environ and os.environ["DEPLOYMENT_PLATFORM"] == "private":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #262ff9e22b7916ce Filesystem access.
repo/swagger_client/api_client.py:441
                    with open(n, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8e2a6584a7fe26b Filesystem access.
repo/swagger_client/api_client.py:532
        with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #096730436c2f609c Environment-variable access.
repo/swagger_client/rest.py:76
        if 'DEPLOYMENT_PLATFORM' in os.environ and os.environ['DEPLOYMENT_PLATFORM'] == 'private':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e26b8662e6172aae Filesystem access.
repo/util/compression_util.py:24
        with open(filepath, 'rb') as f_in, gzip.open(gzip_filepath, 'wb+') as f_out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0da912673bbd9640 Filesystem access.
repo/util/compression_util.py:31
            output_f = open(filepath, 'wb+')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2d25d10f280f0b4 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/messages/messages.py:22
        messages = json.loads((path / file_name).read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #339fc3b0339e3ce8 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/models.py:1032
            with open("request.json", "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ebbbe3ceb0d1abe Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/models.py:1199
                with open("request.json", "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a76530504cf42b8 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/models.py:1351
            with open(t1, "rb") as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e10e3315e18cbaf Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/models.py:1370
            with open(t1, "rb") as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e80e12dc56438b6 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/models.py:1390
                with open(t2, "rb") as f1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab29412a62bf357d Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/models.py:1503
            with open(t1, "rb") as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ee6e983b006b1d5 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/models.py:2342
                json.loads(model.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fac25068b368d4d6 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/models.py:2489
                json.loads(model.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a33b2076f189895f Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/connection.py:193
    size_mem = int(findall(r"[0-9]+", environ.get("MEM", "32"))[0])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7b04466f44ebe12 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:373
            with redirect_stdout(open(os.devnull, "w")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae8db792e211effc Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:387
                with open(local_model_path + ".onnx", "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ca24d5fe4455a1c Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:499
                with redirect_stdout(open(os.devnull, "w")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3529b9da9f4d1e49 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:1087
        with open("request.json", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73d5cc9bcdf838ea Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:1091
            with open(
                "request.json", "r", encoding=auto_pipelines_parameters.get("encoding")
            ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bd0efcd0039f96d Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:1105
            with open("request.json", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d337734e5f5734e8 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:1109
                with open(
                    "request.json",
                    "r",
                    encoding=auto_pipelines_parameters.get("encoding"),
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #968fa748da6eedb9 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:1350
        with open(pipeline_definition_name, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b4a71b8434a9c9a Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:1369
        with open("schema.json", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08f23f5c6c696453 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:1475
        with open(pipeline_definition_name, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03c0f42d56d959c6 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:1494
        with open("schema.json", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51328e4c9234031c Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:1539
    with open(data_location, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df078e9c07ffbad1 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:1546
    with open(data_location, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc5731224d1408ff Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:2115
        with open(tmp_file, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5cfed6c6e14ef7a Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:3170
            with open("request.json", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e30d664d948e53a Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:3174
                with open(
                    "request.json",
                    "r",
                    encoding=auto_pipelines_parameters.get("encoding"),
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40338a97f9aa6a1d Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:3189
                with open("request.json", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e22da6955b334cec Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:3193
                    with open(
                        "request.json",
                        "r",
                        encoding=auto_pipelines_parameters.get("encoding"),
                    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17042d5bb94efd16 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:3286
            with open("request.json", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c438484a8d401675 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:3290
                with open(
                    "request.json",
                    "r",
                    encoding=auto_pipelines_parameters.get("encoding"),
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9332d2a15dac90b4 Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:3305
                with open("request.json", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea956352c519019b Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/autoai/utils.py:3309
                    with open(
                        "request.json",
                        "r",
                        encoding=auto_pipelines_parameters.get("encoding"),
                    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8934d104f8b7e6fd Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/utils.py:555
    f = open(filename, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #479776bd5178c9ef Filesystem access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/utils.py:694
        b_model = file_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #037315d7dbc75fa7 Environment-variable access.
pkgs/python/[email protected]/ibm_watsonx_ai/utils/utils.py:1305
        if os.environ.get(gov_env_var_name) != "True":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

json5

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #2d932cdcb3b8b143 Filesystem access.
pkgs/python/[email protected]/json5/host.py:48
        with open(path, 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff23761e3de768d7 Filesystem access.
pkgs/python/[email protected]/json5/host.py:52
        with open(path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-apify

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #bdae05568be3fcb5 Environment-variable access.
pkgs/python/[email protected]/langchain_apify/document_loaders.py:87
        apify_api_token = apify_api_token or os.getenv('APIFY_TOKEN', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af3a9b7f683ae2a3 Environment-variable access.
pkgs/python/[email protected]/langchain_apify/tools.py:77
        apify_api_token = apify_api_token or os.getenv('APIFY_API_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

linkup-sdk

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #ff55b54ac48ca011 Environment-variable access.
pkgs/python/[email protected]/src/linkup/_client.py:92
                api_key = os.getenv("LINKUP_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lxml

python dependency
expand_more 49 low-confidence finding(s)
low env_fs tooling reachable #0345398193706208 Filesystem access.
pkgs/python/[email protected]/benchmark/benchbase.py:577
        with open("callgrind.cmd", 'w') as cmd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #141083d7f71b7d5b Environment-variable access.
pkgs/python/[email protected]/benchmark/run_benchmarks.py:43
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2e8da68ee157ddf8 Environment-variable access.
pkgs/python/[email protected]/benchmark/run_benchmarks.py:46
        env = env or os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1e1f4b1e196bcb76 Filesystem access.
pkgs/python/[email protected]/benchmark/run_benchmarks.py:102
        with open(profile_input) as data_file_in:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c492102f106a9cc0 Filesystem access.
pkgs/python/[email protected]/benchmark/run_benchmarks.py:103
            with open(data_file_name, mode='w') as data_file_out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #05fde273057f157c Environment-variable access.
pkgs/python/[email protected]/benchmark/run_benchmarks.py:170
    logging.info(f"CFLAGS={os.environ.get('CFLAGS', DISTUTILS_CFLAGS)}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00f8388eef0ad797 Filesystem access.
pkgs/python/[email protected]/buildlibxml.py:41
    with open(file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d438fadd4242a10c Environment-variable access.
pkgs/python/[email protected]/buildlibxml.py:54
    if platform.machine() == 'ARM64' or os.getenv('VSCMD_ARG_TGT_ARCH') == 'arm64':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a960a93674e6a3c Environment-variable access.
pkgs/python/[email protected]/buildlibxml.py:70
            github_api_token=os.environ.get("GITHUB_API_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db89b96cd3d54c3d Environment-variable access.
pkgs/python/[email protected]/buildlibxml.py:541
        env_default.update(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b02f16ac8a9f8ac8 Filesystem access.
pkgs/python/[email protected]/buildlibxml.py:693
    with open(os.path.join(libxslt_dir, "configure"), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5a2f6ea41a15557 Filesystem access.
pkgs/python/[email protected]/buildlibxml.py:697
        with open(os.path.join(libxslt_dir, "configure"), 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a65119e5db1dd7a4 Environment-variable access.
pkgs/python/[email protected]/buildlibxml.py:741
    get_env = os.environ.get

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb7b598697959135 Filesystem access.
pkgs/python/[email protected]/doc/mkhtml.py:173
    f = open_file(os.path.join(lxml_path, 'CHANGES.txt'), 'r', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b34d8ce3f960f4e Filesystem access.
pkgs/python/[email protected]/doc/mkhtml.py:189
    out_file = open(changelog_file_path, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6709c96b74ce199f Filesystem access.
pkgs/python/[email protected]/doc/mklatex.py:91
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b339beffcc049b41 Filesystem access.
pkgs/python/[email protected]/doc/mklatex.py:96
    doc = open(src, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fa95dc31f07980e Filesystem access.
pkgs/python/[email protected]/doc/mklatex.py:97
    out = open(dest, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ac40077aefd4161 Filesystem access.
pkgs/python/[email protected]/doc/mklatex.py:145
    with open(src_path) as src:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a9bb3abf930db56 Filesystem access.
pkgs/python/[email protected]/doc/mklatex.py:148
    dest = open(dest_path, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f2f75753220ace6 Filesystem access.
pkgs/python/[email protected]/doc/mklatex.py:286
    master = open( os.path.join(dirname, TARGET_FILE), "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd608accce0dad0a Filesystem access.
pkgs/python/[email protected]/doc/update_performance_results.py:14
        with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0dbfa832d5fd7ce Filesystem access.
pkgs/python/[email protected]/doc/update_performance_results.py:26
    with open(text_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #add7f6b848ebcc04 Filesystem access.
pkgs/python/[email protected]/doc/update_performance_results.py:51
    with open(doc_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e2ff3430c8e9e22 Environment-variable access.
pkgs/python/[email protected]/setup.py:26
    return [x.strip() for x in os.environ.get(name, "").split(separator) if x.strip()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25ad876d3d3b282e Filesystem access.
pkgs/python/[email protected]/setup.py:52
with open("requirements.txt", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aca10176ca5cb866 Filesystem access.
pkgs/python/[email protected]/setup.py:183
                with open(os.path.join(root_path, package_filename), 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e509bcfc5f76b135 Environment-variable access.
pkgs/python/[email protected]/setupinfo.py:46
    value = os.getenv(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15f60729a848813d Filesystem access.
pkgs/python/[email protected]/setupinfo.py:191
        with io.open(src_file, 'r', encoding='iso8859-1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be1020305d8caa08 Filesystem access.
pkgs/python/[email protected]/setupinfo.py:195
        with io.open(dst_file, 'w', encoding='iso8859-1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e96f67a449cfbbb Environment-variable access.
pkgs/python/[email protected]/setupinfo.py:417
    PKG_CONFIG = os.getenv('PKG_CONFIG', 'pkg-config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37bb00f8e2f42b8f Environment-variable access.
pkgs/python/[email protected]/setupinfo.py:425
    XML2_CONFIG = os.getenv('XML2_CONFIG', 'xml2-config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd74d57454d84e29 Environment-variable access.
pkgs/python/[email protected]/setupinfo.py:428
        XSLT_CONFIG = os.getenv('XSLT_CONFIG', 'xslt-config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bb9c87a5bb6c0df Environment-variable access.
pkgs/python/[email protected]/setupinfo.py:497
    env_val = os.getenv(name.upper().replace('-', '_'), 'false').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adc42fe76765f47b Environment-variable access.
pkgs/python/[email protected]/setupinfo.py:521
    env_val = os.getenv(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3210ae0ecc3c2466 Environment-variable access.
pkgs/python/[email protected]/setupinfo.py:531
staticbuild = bool(os.environ.get('STATICBUILD', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72e2feecf76f4af5 Filesystem access.
pkgs/python/[email protected]/src/lxml/ElementInclude.py:97
    file = open(href, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81b708a072fe33a8 Filesystem access.
pkgs/python/[email protected]/src/lxml/ElementInclude.py:120
            f = open(href, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62edbe5fec6eb610 Filesystem access.
pkgs/python/[email protected]/src/lxml/html/_diffcommand.py:52
        with open(options.output, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e58bac0fff7b3a46 Filesystem access.
pkgs/python/[email protected]/src/lxml/html/_diffcommand.py:62
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e49b7138a6d71b4 Filesystem access.
pkgs/python/[email protected]/src/lxml/html/html5parser.py:235
        fp = open(filename_url_or_file, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e25be363e8cde1f7 Filesystem access.
pkgs/python/[email protected]/src/lxml/html/soupparser.py:46
        file = open(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1eaefd7d3c58e8f8 Filesystem access.
pkgs/python/[email protected]/tools/xpathgrep.py:135
        with open(input, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #137ceeb540af6891 Filesystem access.
pkgs/python/[email protected]/update-error-constants.py:59
    with open(filename, 'r', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ce289c0a039d1f1 Filesystem access.
pkgs/python/[email protected]/update-error-constants.py:67
    with open(filename, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ecf3d72c3c4183f Filesystem access.
pkgs/python/[email protected]/versioninfo.py:12
        with open(os.path.join(get_base_dir(), 'src', 'lxml', '__init__.py')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47b5cca3c61a1860 Filesystem access.
pkgs/python/[email protected]/versioninfo.py:41
    with io.open(os.path.join(get_base_dir(), "CHANGES.txt"), 'r', encoding='utf8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1878864e74b8e1a1 Filesystem access.
pkgs/python/[email protected]/versioninfo.py:68
        with open(file_path, 'r') as version_h:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3a161b507521b49 Filesystem access.
pkgs/python/[email protected]/versioninfo.py:72
    with open(file_path, 'w') as version_h:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mcpadapt

python dependency
expand_more 13 low-confidence finding(s)
low env_fs tooling reachable #1f660128af108246 Environment-variable access.
pkgs/python/[email protected]/examples/crewai_pubmed.py:16
if not os.environ.get("OPENAI_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a93c77c2200b3f5c Environment-variable access.
pkgs/python/[email protected]/examples/crewai_pubmed.py:25
        env={"UV_PYTHON": "3.12", **os.environ},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #eeda0656fc9dce7c Environment-variable access.
pkgs/python/[email protected]/examples/google_genai.py:27
    api_key=os.getenv("GEMINI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #197b3862a605a041 Environment-variable access.
pkgs/python/[email protected]/examples/langchain_pubmed.py:20
if not os.environ.get("ANTHROPIC_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a93b8c6eeb030171 Environment-variable access.
pkgs/python/[email protected]/examples/langchain_pubmed.py:34
            env={"UV_PYTHON": "3.12", **os.environ},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e6775502ceea3c79 Environment-variable access.
pkgs/python/[email protected]/examples/langchain_pubmed.py:75
            env={"UV_PYTHON": "3.12", **os.environ},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4ffd5b9add5d766d Environment-variable access.
pkgs/python/[email protected]/examples/smolagents_pubmed.py:25
        env={"UV_PYTHON": "3.12", **os.environ},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a0feef42709d68af Environment-variable access.
pkgs/python/[email protected]/examples/smolagents_structured_output.py:63
        model = InferenceClientModel(token=os.getenv("HF_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a8754d3571968f80 Environment-variable access.
pkgs/python/[email protected]/examples/smolagents_structured_output.py:85
        model = InferenceClientModel(token=os.getenv("HF_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d09ff87ce0ad814b Filesystem access.
pkgs/python/[email protected]/scripts/bump_version.py:21
    content = init_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4ff24bab14ed2267 Filesystem access.
pkgs/python/[email protected]/scripts/bump_version.py:40
    init_file.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2af7c4d327ef8675 Environment-variable access.
pkgs/python/[email protected]/src/mcpadapt/google_genai_adapter.py:114
            env={"UV_PYTHON": "3.12", **os.environ},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1266a80c3e340105 Environment-variable access.
pkgs/python/[email protected]/src/mcpadapt/smolagents_adapter.py:265
            env={"UV_PYTHON": "3.12", **os.environ},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

multion

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #d5d1bbef95fb0a78 Environment-variable access.
pkgs/python/[email protected]/src/multion/base_client.py:76
        api_key: typing.Optional[str] = os.getenv("MULTION_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4394c9b5740a7273 Environment-variable access.
pkgs/python/[email protected]/src/multion/base_client.py:375
        api_key: typing.Optional[str] = os.getenv("MULTION_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00a4b5137d7a194a Environment-variable access.
pkgs/python/[email protected]/src/multion/client.py:51
        agentops_api_key: typing.Optional[str] = os.getenv("AGENTOPS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0abd7b262184ba3b Environment-variable access.
pkgs/python/[email protected]/src/multion/client.py:64
                parent_key=os.getenv("AGENTOPS_PARENT_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0632c52a894fa79e Environment-variable access.
pkgs/python/[email protected]/src/multion/client.py:130
        agentops_api_key: typing.Optional[str] = os.getenv("AGENTOPS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbc598993a93d06c Environment-variable access.
pkgs/python/[email protected]/src/multion/client.py:140
                parent_key=os.getenv("AGENTOPS_PARENT_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openpyxl

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #5d36a0b368e5dbad Filesystem access.
pkgs/python/[email protected]/openpyxl/worksheet/_writer.py:379
        with open(self.out, "rb") as src:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f6327d6a7fc6ab Environment-variable access.
pkgs/python/[email protected]/openpyxl/xml/__init__.py:23
    return os.environ.get("OPENPYXL_LXML", "True") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d32302c967e217fa Environment-variable access.
pkgs/python/[email protected]/openpyxl/xml/__init__.py:39
    return os.environ.get("OPENPYXL_DEFUSEDXML", "True") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08d35e00da80bde7 Filesystem access.
pkgs/python/[email protected]/setup.py:24
    with open(os.path.join(here, 'README.rst')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

oxylabs

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #0d351ec55289acb2 Filesystem access.
pkgs/python/[email protected]/setup.py:5
    with open(rel_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

packaging

python dependency
expand_more 3 low-confidence finding(s)
low env_fs tooling reachable #67b972b2332ce7c6 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:11
with open(os.path.join(_BASE_DIR, "src", "packaging", "__init__.py")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4aa0101fe315be2a Filesystem access.
pkgs/python/[email protected]/src/packaging/_manylinux.py:34
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cfe57a25128fc46 Filesystem access.
pkgs/python/[email protected]/src/packaging/_musllinux.py:46
        with open(executable, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pandas

python dependency
expand_more 28 low-confidence finding(s)
low env_fs dependency Excluded from app score #49bf4aa0db05bd14 Filesystem access.
pkgs/python/[email protected]/generate_pxi.py:8
    with open(pxifile, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e0fb6b835d23dc5 Filesystem access.
pkgs/python/[email protected]/generate_pxi.py:12
    with open(outfile, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6633d62709be02c4 Environment-variable access.
pkgs/python/[email protected]/generate_version.py:25
    if os.environ.get("MESON_DIST_ROOT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #595e3e2188025bff Environment-variable access.
pkgs/python/[email protected]/generate_version.py:26
        path = os.path.join(os.environ.get("MESON_DIST_ROOT"), path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63e3587c7e4778a5 Filesystem access.
pkgs/python/[email protected]/generate_version.py:27
    with open(path, "w", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ee5dd21e7772f47 Environment-variable access.
pkgs/python/[email protected]/pandas/_testing/contexts.py:76
                    del os.environ["TZ"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e88151b5a962c070 Environment-variable access.
pkgs/python/[email protected]/pandas/_testing/contexts.py:80
                os.environ["TZ"] = tz

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aec75843434777c2 Environment-variable access.
pkgs/python/[email protected]/pandas/_testing/contexts.py:85
    orig_tz = os.environ.get("TZ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86eb04fe22b8e18a Filesystem access.
pkgs/python/[email protected]/pandas/_version.py:159
        with open(versionfile_abs, encoding="utf-8") as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7690f4834852b1d2 Environment-variable access.
pkgs/python/[email protected]/pandas/_version.py:264
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17c348acac96b635 Environment-variable access.
pkgs/python/[email protected]/pandas/compat/__init__.py:154
    return os.environ.get("PANDAS_CI", "0") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #262a189e18606683 Environment-variable access.
pkgs/python/[email protected]/pandas/core/config_init.py:425
        if os.environ.get("PANDAS_COPY_ON_WRITE", "0") == "warn"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccd834903c746f6a Environment-variable access.
pkgs/python/[email protected]/pandas/core/config_init.py:426
        else os.environ.get("PANDAS_COPY_ON_WRITE", "1") == "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a3c79a236239148 Environment-variable access.
pkgs/python/[email protected]/pandas/core/config_init.py:878
        False if os.environ.get("PANDAS_FUTURE_INFER_STRING", "1") == "0" else True,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba4a875d419ec806 Environment-variable access.
pkgs/python/[email protected]/pandas/core/config_init.py:895
        os.environ.get("PANDAS_FUTURE_DISTINGUISH_NAN_AND_NA", "0") == "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4eb623e743240f2 Environment-variable access.
pkgs/python/[email protected]/pandas/core/config_init.py:906
        False if os.environ.get("PANDAS_FUTURE_PYTHON_SCALARS", "0") == "0" else True,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e810d6c6e5994512 Filesystem access.
pkgs/python/[email protected]/pandas/core/series.py:1573
            with open(buf, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2536edf7ba3192a Environment-variable access.
pkgs/python/[email protected]/pandas/io/clipboard/__init__.py:74
HAS_DISPLAY = os.getenv("DISPLAY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ccfdf4ca53ca8f6 Filesystem access.
pkgs/python/[email protected]/pandas/io/clipboard/__init__.py:302
        with open("/dev/clipboard", "w", encoding="utf-8") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7202ae4a3327cbc Filesystem access.
pkgs/python/[email protected]/pandas/io/clipboard/__init__.py:306
        with open("/dev/clipboard", encoding="utf-8") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8308b3ab9d0c572c Environment-variable access.
pkgs/python/[email protected]/pandas/io/clipboard/__init__.py:569
        if os.environ.get("WAYLAND_DISPLAY") and _executable_exists("wl-copy"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c58e97c92baaceea Filesystem access.
pkgs/python/[email protected]/pandas/io/common.py:930
            handle = open(
                handle,
                ioargs.mode,
                encoding=ioargs.encoding,
                errors=errors,
                newline="",
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37fa4e6c26723271 Filesystem access.
pkgs/python/[email protected]/pandas/io/common.py:939
            handle = open(handle, ioargs.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #954dbbe2fa7e2d66 Filesystem access.
pkgs/python/[email protected]/pandas/io/common.py:1192
        handle = open(handle, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6aac7c5ae6c7b272 Filesystem access.
pkgs/python/[email protected]/pandas/io/formats/format.py:1076
        with open(buf, "w", encoding=encoding, newline="") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcc663f3ab07d881 Environment-variable access.
pkgs/python/[email protected]/pandas/util/_print_versions.py:57
        "LC_ALL": os.environ.get("LC_ALL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #420b76b173adfc0c Environment-variable access.
pkgs/python/[email protected]/pandas/util/_print_versions.py:58
        "LANG": os.environ.get("LANG"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a6d3a4f314155a5 Filesystem access.
pkgs/python/[email protected]/pandas/util/_print_versions.py:148
            with open(as_json, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pdfplumber

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #3c16dad431d35d9e Filesystem access.
pkgs/python/[email protected]/pdfplumber/pdf.py:98
            stream = open(path_or_fp, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3160c60bb154c69 Filesystem access.
pkgs/python/[email protected]/pdfplumber/repair.py:72
        with open(outfile, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ed1a19f85c52a17 Filesystem access.
pkgs/python/[email protected]/setup.py:13
    return open(path, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

portalocker

python dependency
expand_more 17 low-confidence finding(s)
low env_fs dependency Excluded from app score #b85ba82c5421ee36 Filesystem access.
pkgs/python/[email protected]/portalocker/__main__.py:126
            (base_path / 'README.rst').read_text(encoding='ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84055c62ed6b989f Filesystem access.
pkgs/python/[email protected]/portalocker/__main__.py:131
            (base_path / 'LICENSE').read_text(encoding='ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8641bdbacabf7c2 Filesystem access.
pkgs/python/[email protected]/portalocker/utils.py:329
            open(  # noqa: SIM115
                self.filename,
                self.mode,
                **self.file_open_kwargs,
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20642a2d0d12d551 Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_core_locking.py:16
    with open(tmpfile, 'a') as a, open(tmpfile, 'a') as b:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b677513db38d1c1c Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_core_locking.py:30
    with open(tmpfile, 'w') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5112c63212d000c4 Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_core_locking.py:33
    with open(tmpfile, 'r+') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fb41b385eb6c1cb Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_core_locking.py:48
    with open(tmpfile, 'w') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50efce839721ca25 Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_lock_flags.py:13
    with open(tmpfile, 'w') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4afe117c987f349e Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_lock_flags.py:16
    with open(tmpfile) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be17cb4430ddfd83 Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_lock_flags.py:22
            open(
                tmpfile,
                'r+',
            ) as fh2,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6aaa2f814d574d23 Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_lock_flags.py:33
            open(
                tmpfile,
                'w+',
            ) as fh2,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #940057c020ee28ca Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_lock_flags.py:47
    with open(tmpfile, 'w') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99e03ec6ca95b836 Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_lock_flags.py:50
    with open(tmpfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #510addceaa8c3652 Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_lock_flags.py:54
        with open(tmpfile) as fh2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #077aa2c08d9c6555 Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_lock_flags.py:61
            open(
                tmpfile,
                'w+',
            ) as fh2,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3561305e3bb2f283 Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_lock_flags.py:95
    with open(tmpfile, 'w') as fh, pytest.raises(RuntimeError):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b0584b1d31b5240 Filesystem access.
pkgs/python/[email protected]/portalocker_tests/test_mechanisms.py:18
    with open(tmpfile, 'a+') as a, open(tmpfile, 'a+') as b:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

psycopg2-binary

python dependency
expand_more 12 low-confidence finding(s)
low env_fs tooling reachable #8ea0ffa8a64f9bb6 Filesystem access.
pkgs/python/[email protected]/doc/src/tools/make_sqlstate_docs.py:16
    with open(clsfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1a91412af4a33a48 Filesystem access.
pkgs/python/[email protected]/scripts/make_errorcodes.py:40
    f = open(filename, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4f19c98717822c0f Filesystem access.
pkgs/python/[email protected]/scripts/make_errorcodes.py:49
    for line in open(filename):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d642a5999f3ec27d Filesystem access.
pkgs/python/[email protected]/scripts/make_errors.py:34
    f = open(filename, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #da89ebc0f064d8ff Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:47
    f1 = open(f'debug-{(opt.nruns - 1):02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #744830cf71170578 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:48
    f2 = open(f'debug-{opt.nruns:02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9bd8510e8a76589b Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:56
        f1 = open(f'objs-{(opt.nruns - 1):02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #756e0f32eb2979a2 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:57
        f2 = open(f'objs-{opt.nruns:02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3e5e955a57270a1d Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:88
        stream=open(f"debug-{i:02}.txt", "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b071c709f85e3e79 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:103
        pprint(co, stream=open(f"objs-{i:02}.txt", "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #894db7669517f68f Environment-variable access.
pkgs/python/[email protected]/setup.py:125
            path_directories = os.environ['PATH'].split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aae7fad85cb20ec8 Filesystem access.
pkgs/python/[email protected]/setup.py:511
    f = open("README.rst")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pydantic

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #d7809cb840fb4a74 Filesystem access.
pkgs/python/[email protected]/pydantic/deprecated/parse.py:71
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b66761d863ae3fc0 Environment-variable access.
pkgs/python/[email protected]/pydantic/json_schema.py:344
                if os.getenv('PYDANTIC_PRIVATE_ALLOW_UNHANDLED_SCHEMA_TYPES'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f95fd6ea3d5c71a Filesystem access.
pkgs/python/[email protected]/pydantic/mypy.py:1411
    with open(config_file, 'rb') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff5539f4860a0182 Environment-variable access.
pkgs/python/[email protected]/pydantic/plugin/_loader.py:27
    disabled_plugins = os.getenv('PYDANTIC_DISABLE_PLUGINS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3497b4856768c81c Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:173
            env_vars: Mapping[str, Optional[str]] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97b13ea27d076225 Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:175
            env_vars = {k.lower(): v for k, v in os.environ.items()}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e452221d06c8c84b Filesystem access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:307
                    secret_value = path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10e3c00d19b8c3b9 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/mypy.py:948
    with open(config_file, read_mode) as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9badec401b751176 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/parse.py:57
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pydantic-settings

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #aae9fbba4ab71ab2 Environment-variable access.
pkgs/python/[email protected]/pydantic_settings/sources/providers/env.py:75
        return parse_env_vars(os.environ, self.case_sensitive, self.env_ignore_empty, self.env_parse_none_str)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40a1d14eb177cbee Filesystem access.
pkgs/python/[email protected]/pydantic_settings/sources/providers/nested_secrets.py:203
        return {str(p.relative_to(path)): p.read_text().strip() for p in cls._iter_secret_files(path)}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61a9bfe9522dfda0 Filesystem access.
pkgs/python/[email protected]/pydantic_settings/sources/providers/secrets.py:122
                    return path.read_text().strip(), field_key, value_is_complex

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pygithub

python dependency
expand_more 36 low-confidence finding(s)
low env_fs dependency Excluded from app score #87f946f4a7e68256 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:302
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50ba7abed35cc244 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:324
with open("github_objects.rst", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d44391b051c4738 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:335
    with open("github_objects/" + githubObjectClass + ".rst", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc455ef566f1d4c4 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:345
    with open("../" + module.replace(".", "/") + ".py") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc612e703f9c6765 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:387
with open("apis.rst", "w") as apis:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08671d79b7d655ed Filesystem access.
pkgs/python/[email protected]/github/Requester.py:1016
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cbcae888bec9def Filesystem access.
pkgs/python/[email protected]/github/Requester.py:1140
            f = open(local_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b4885f1a62f7831e Filesystem access.
pkgs/python/[email protected]/scripts/fix_headers.py:173
        with open(filename, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #db145fc5c5183555 Filesystem access.
pkgs/python/[email protected]/scripts/fix_headers.py:178
            with open(filename, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #71de99698c02e18a Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:1897
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fbcb1624b2563e3f Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:1963
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b7b49f5e1ddcadad Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2075
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b8fd7605955a4e3a Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2094
                with open(filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #329a19f72f90d1dd Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2109
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4cf502766f264d81 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2111
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f67024174e2fadb3 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2205
                with open(clazz.filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f2d4bfa39caacdfd Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2216
                    with open(clazz.test_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #866570a333fde2ae Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2241
        with open(spec_file, "wb") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #62f1f8a14d23c591 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2369
            with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bc858b475dae4964 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2394
                with open(index_filename) as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #119641d0b67e2ed4 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2400
            with open(index_filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #167b00bed8f61fd5 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2407
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6eef1467568a1eb7 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2409
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #dc636da268a69782 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2573
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1a266fc68ccf068b Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2575
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #37f99af766cf5df8 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2843
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #51ad337e369a4ae4 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2998
                        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #14a6db20a91be16b Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3045
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #33e87ca434d8dc49 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3064
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8f8fd706c34ef72c Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3066
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #17f7a10e9b9216bb Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3074
        with open(clazz.filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2a7e91e58419d351 Filesystem access.
pkgs/python/[email protected]/scripts/prepare-for-update-assertions.py:109
    with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7514cc07bc2d9db5 Filesystem access.
pkgs/python/[email protected]/scripts/prepare-for-update-assertions.py:125
            with open(filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #68006f209363e880 Filesystem access.
pkgs/python/[email protected]/scripts/sort_class.py:186
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6731bffab5293bf1 Filesystem access.
pkgs/python/[email protected]/scripts/sort_class.py:203
                with open(filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #d62103f8313f3eab Filesystem access.
pkgs/python/[email protected]/scripts/sort_class.py:224
    with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyjwt

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling reachable #c6a702516883f330 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:11
    with open(os.path.join(here, *parts), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #eeac8bd6ff451058 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:97
os.environ["SPHINX_BUILD"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffd3b7de9e3a45c6 Environment-variable access.
pkgs/python/[email protected]/jwt/algorithms.py:102
    if TYPE_CHECKING or bool(os.getenv("SPHINX_BUILD", "")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b7eda65bb030f53 Environment-variable access.
pkgs/python/[email protected]/jwt/api_jwt.py:25
if TYPE_CHECKING or bool(os.getenv("SPHINX_BUILD", "")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pymysql

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #640b190b1e0cc39d Filesystem access.
pkgs/python/[email protected]/pymysql/connections.py:1460
            with open(self.filename, "rb") as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pypdf

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #bb3f7f844cfb8e8c Filesystem access.
pkgs/python/[email protected]/pypdf/_page.py:2033
            debug_path.joinpath("fonts.json").write_text(
                json.dumps(fonts, indent=2, default=asdict),
                "utf-8"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #569d3aa88e807d0b Filesystem access.
pkgs/python/[email protected]/pypdf/_reader.py:172
            with open(stream, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59e909a5315941bc Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:285
        debug_path.joinpath("bt_groups.json").write_text(
            json.dumps(ty_groups, indent=2, default=str), "utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #867d7638f46d9007 Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:351
        debug_path.joinpath("bts.json").write_text(
            json.dumps(bt_groups, indent=2, default=str), "utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a1d0e9f160a58fd Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:354
        debug_path.joinpath("tjs.json").write_text(
            json.dumps(
                tj_ops, indent=2, default=lambda x: getattr(x, "to_dict", str)(x)
            ),
            "utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bf326f6b20aa9c9 Filesystem access.
pkgs/python/[email protected]/pypdf/_utils.py:391
    with open("pypdf_pdfLocation.txt", "wb") as output_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #261919f4254d9573 Filesystem access.
pkgs/python/[email protected]/pypdf/_writer.py:245
                with open(fileobj, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #187423fbfe4d48b7 Environment-variable access.
pkgs/python/[email protected]/pypdf/filters.py:752
            environment = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5c926d8905d82617 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/resources/afm_to_dataclass.py:24
        with urllib.request.urlopen(
            f"https://{FONT_LOC}"
        ) as connection, ZipFile(BytesIO(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

python-docx

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #e67929d83e9f4143 Filesystem access.
pkgs/python/[email protected]/src/docx/image/image.py:41
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b94920464e977fe6 Filesystem access.
pkgs/python/[email protected]/src/docx/opc/phys_pkg.py:47
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2853894929b0ca52 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/comments.py:49
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #651243c77788821e Filesystem access.
pkgs/python/[email protected]/src/docx/parts/hdrftr.py:31
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3ed28bfe6eed95e Filesystem access.
pkgs/python/[email protected]/src/docx/parts/hdrftr.py:51
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e9a9bdc0c552f83 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/settings.py:48
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13e16b016740e758 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/styles.py:40
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-dotenv

python dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #a6bef7898e15b859 Filesystem access.
pkgs/python/[email protected]/src/dotenv/cli.py:76
        with open(path) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a0951134e441822 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:194
        if v is not None and (override or k not in os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cc8d1709c57df37 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:225
    cmd_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35b00ad6765ffb22 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:26
    if "PYTHON_DOTENV_DISABLED" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9ee3234af305ba3 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:28
    value = os.environ["PYTHON_DOTENV_DISABLED"].casefold()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c884a88dd6e98da9 Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:63
            with open(self.dotenv_path, encoding=self.encoding) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b97624c9c5b1e9eb Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:105
            if k in os.environ and not self.override:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e09da80fb6e2c965 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:108
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5088789726e0d924 Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:148
        source: IO[str] = open(path, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a979b72c928227c Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:302
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2b5c9af549b99de Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:306
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-magic

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #4bceb3dccaa51154 Filesystem access.
pkgs/python/[email protected]/setup.py:11
    with io.open(os.path.join(os.path.dirname(__file__), file_name),
                 encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pytube

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #00473aef2f3c388f Filesystem access.
pkgs/python/[email protected]/pytube/captions.py:154
        with open(file_path, "w", encoding="utf-8") as file_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #652703e9f89506af Filesystem access.
pkgs/python/[email protected]/pytube/innertube.py:249
                with open(_token_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cab8fb2dc27491dc Filesystem access.
pkgs/python/[email protected]/pytube/innertube.py:268
        with open(_token_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d89bc8e0ca8e8845 Filesystem access.
pkgs/python/[email protected]/pytube/streams.py:312
        with open(file_path, "wb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cc028de3f4c23db Filesystem access.
pkgs/python/[email protected]/setup.py:13
with open(os.path.join(here, "pytube", "version.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyyaml

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #f698abccb25d32a6 Environment-variable access.
pkgs/python/[email protected]/setup.py:72
os.environ['SETUPTOOLS_USE_DISTUTILS'] = 'local'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9cf1cacf6958d59 Environment-variable access.
pkgs/python/[email protected]/setup.py:81
if 'sdist' in sys.argv or os.environ.get('PYYAML_FORCE_CYTHON') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9e0070026c05547 Environment-variable access.
pkgs/python/[email protected]/setup.py:160
            with_ext = getattr(self, ext.attr_name) or os.environ.get('PYYAML_FORCE_{0}'.format(ext.feature_name.upper()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

qdrant-client

python dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #2679aa6f26d80a78 Filesystem access.
pkgs/python/[email protected]/qdrant_client/embed/schema_parser.py:298
        with open(output_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47400608888de6eb Filesystem access.
pkgs/python/[email protected]/qdrant_client/embed/utils.py:76
    with open(path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #908d5bd575ff7b41 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/async_qdrant_local.py:99
            with open(meta_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b81950705f3d61c3 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/async_qdrant_local.py:102
            with open(meta_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91ff7931413dc4eb Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/async_qdrant_local.py:125
            with open(lock_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #967c481f50b390f7 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/async_qdrant_local.py:127
        self._flock_file = open(lock_file_path, "r+")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3259798f36aa5f46 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/async_qdrant_local.py:146
        with open(meta_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce3b726b13d3c9e5 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/qdrant_local.py:102
            with open(meta_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83b4d2a9dddb4c38 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/qdrant_local.py:105
            with open(meta_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6497f8a4709ae195 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/qdrant_local.py:136
            with open(lock_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b11020e6bf986220 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/qdrant_local.py:138
        self._flock_file = open(lock_file_path, "r+")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0ef6c25482f24f5 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/qdrant_local.py:162
        with open(meta_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

regex

python dependency
expand_more 3 low-confidence finding(s)
low env_fs tooling reachable #704134a1fd729cac Filesystem access.
pkgs/python/[email protected]/tools/build_regex_unicode.py:680
    with open(path, 'w', encoding='ascii') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f298ab216a14ba8a Filesystem access.
pkgs/python/[email protected]/tools/build_regex_unicode.py:1454
    with open(c_path, 'w', newline='\n', encoding='ascii') as c_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fc1014b016f53bad Filesystem access.
pkgs/python/[email protected]/tools/build_regex_unicode.py:1577
    with open(h_path, 'w', newline='\n', encoding='ascii') as h_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

requests

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #9b57891616c6af2f Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:857
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08f002eb3adcb627 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:858
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d138ccbdc6945c3f Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:239
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69db0e5a64dd9200 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:798
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #364a60e66d128195 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:799
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e437701a8bd3b2a Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:805
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f854a0cfc6278b4 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:807
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82c9f93dd9fc264f Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:820
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

scrapegraph-py

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #ff213b697323abd6 Environment-variable access.
pkgs/python/[email protected]/src/scrapegraph_py/env.py:9
        return os.environ.get("SGAI_DEBUG") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f79136274dd876ec Environment-variable access.
pkgs/python/[email protected]/src/scrapegraph_py/env.py:13
        val = os.environ.get("SGAI_TIMEOUT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96282b039efbf833 Environment-variable access.
pkgs/python/[email protected]/src/scrapegraph_py/env.py:18
        return os.environ.get("SGAI_API_URL") or "https://v2-api.scrapegraphai.com/api"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

selenium

python dependency
expand_more 29 low-confidence finding(s)
low env_fs dependency Excluded from app score #dc6da19ca2726b30 Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/__init__.py:23
if os.environ.get("SE_DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf19d2ae3ab57201 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/chromium/options.py:83
            with open(extension, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b826b57387afffd Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/chromium/service.py:58
        if os.environ.get("SE_DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d57c87acc8ffadc9 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/common/api_request_context.py:568
                    with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87af1a2a8d1eba07 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/common/api_request_context.py:601
                with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #413f5e147c44d4bf Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/common/bidi/cdp.py:48
    return int(os.environ.get("SE_CDP_MAX_WS_MESSAGE_SIZE", MAX_WS_MESSAGE_SIZE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f1d7bb5ed239ea6 Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/common/selenium_manager.py:81
        if (env_path := os.getenv("SE_MANAGER_PATH")) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a3d447995be1119 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/common/service.py:64
            self.log_output = open(log_output, "a+", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6305bf396c9499c6 Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/common/service.py:77
        self.env = env or os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a72717fcc843eea Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/common/service.py:261
            return os.getenv(self.DRIVER_PATH_ENV_KEY, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f09bee09d1ecc9a Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/firefox/firefox_profile.py:67
                with open(
                    os.path.join(os.path.dirname(__file__), WEBDRIVER_PREFERENCES), encoding="utf-8"
                ) as default_prefs:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d5624826c8e24ab Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/firefox/firefox_profile.py:91
        with open(user_prefs, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #286638428aaaefb6 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/firefox/firefox_profile.py:165
        with open(userjs, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #560798bcac6236c3 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/firefox/firefox_profile.py:196
                    with open(os.path.join(tmpdir, name), "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9e7f6aa4b7c348b Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/firefox/firefox_profile.py:287
                    with open(manifest_json_filename, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c8bb2458b8c5862 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/firefox/firefox_profile.py:290
                with open(os.path.join(addon_path, "install.rdf"), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #270ba60d9dd14fde Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/firefox/service.py:52
        if os.environ.get("SE_DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94c54f34670c7d78 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/firefox/webdriver.py:134
            with open(path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e00765b6d584ccf3 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/firefox/webdriver.py:171
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e659452e4c582dbb Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/ie/service.py:61
        if os.environ.get("SE_DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84268cbec80baa7b Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/remote/client_config.py:121
            (os.getenv("REQUESTS_CA_BUNDLE") if "REQUESTS_CA_BUNDLE" in os.environ else certifi.where())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c900a39eebc67ffd Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/remote/client_config.py:137
            _no_proxy = os.environ.get("no_proxy", os.environ.get("NO_PROXY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc4f999a1c16bf26 Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/remote/client_config.py:147
            return os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60a7a0d4fa595679 Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/remote/client_config.py:147
            return os.environ.get(
                "https_proxy" if self.remote_server_addr.startswith("https://") else "http_proxy",
                os.environ.get("HTTPS_PROXY" if self.remote_server_addr.startswith("https://") else "HTTP_PROXY"),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de66df9dff601364 Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/remote/client_config.py:149
                os.environ.get("HTTPS_PROXY" if self.remote_server_addr.startswith("https://") else "HTTP_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ba3a98b25b9afc5 Environment-variable access.
pkgs/python/[email protected]/selenium/webdriver/remote/remote_connection.py:156
    _ca_certs = os.getenv("REQUESTS_CA_BUNDLE") if "REQUESTS_CA_BUNDLE" in os.environ else certifi.where()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c9ea1d479d7d1a1 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/remote/webdriver.py:958
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acc53a5339690c71 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/remote/webdriver.py:1573
            with open(zip_file, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84bb08f0ef93d735 Filesystem access.
pkgs/python/[email protected]/selenium/webdriver/remote/webelement.py:457
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

serpapi

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #8b776a1ddb2c699a Environment-variable access.
pkgs/python/[email protected]/serpapi/utils.py:5
    return os.getenv("SERP_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

snowflake-sqlalchemy

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #17cf06cfa30d923f Filesystem access.
pkgs/python/[email protected]/snyk/update_requirements.py:7
    pyproject = tomlkit.loads(Path("pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6cb668c9030f300 Environment-variable access.
pkgs/python/[email protected]/src/snowflake/sqlalchemy/util.py:206
    value = os.environ.get(SNOWFLAKE_SQLALCHEMY_LEGACY_URL_PARAMS, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

sqlalchemy

python dependency
expand_more 28 low-confidence finding(s)
low env_fs dependency Excluded from app score #a2bcd31fd240acb4 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:42
            with open(
                Path(cachedir) / "sqla_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bfe4af05b8297b5 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:56
            with open(
                Path(cachedir) / "plain_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fde17569f04bceaa Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:106
            os.environ.pop("MYPY_FORCE_COLOR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85386810eb1c0a50 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:146
        with open(path) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1e04b6e27651d06 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:398
    if os.environ.get("REQUIRE_SQLALCHEMY_CEXT", "0") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27dcf28f09b3115b Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:455
            with open(options.write_idents, "a") as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74a0602615478718 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/pytestplugin.py:880
        return os.environ.get("PYTEST_CURRENT_TEST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c39d1335275511d2 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:200
            profile_f = open(self.fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #682ef0c8fa748ae5 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:219
        profile_f = open(self.fname, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e8e1300dddea608 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/provision.py:453
    with open(idents_file) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be4c7338e9bb564e Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/util/_has_cy.py:27
    if os.environ.get("DISABLE_SQLALCHEMY_CEXT_RUNTIME"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e51aab2455961ff6 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:134
            Path(destination_path).write_text(
                text, encoding="utf-8", newline="\n"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8079ba150baa93b Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:146
            with open(tempfile) as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45cb5d320b812cbe Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:162
            with open(source_file, encoding="utf-8") as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcb797bd058f4c0d Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:169
        with open(destination_path, encoding="utf-8") as dp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe1e821adfc07ba3 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:95
    cmd.extend(os.environ.get(dburl_env, default_dburl).split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e5c61c6c2400961 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:106
    env_dbdrivers = os.environ.get(extra_driver_env, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54689aa912e8f60c Environment-variable access.
pkgs/python/[email protected]/noxfile.py:269
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81cf58c215bf2d8d Environment-variable access.
pkgs/python/[email protected]/setup.py:23
DISABLE_EXTENSION = bool(os.environ.get("DISABLE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6698a8d5c432a8d7 Environment-variable access.
pkgs/python/[email protected]/setup.py:24
REQUIRE_EXTENSION = bool(os.environ.get("REQUIRE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #76f19f7c49c353fb Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:155
    original = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f75b79125c1c1d07 Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:313
                file.write_text(updated, "utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cec17dbe6c5ea736 Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:145
    with open(fn.__code__.co_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a1bfd1365dbcd4eb Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:373
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bb14f7a76cc406c3 Filesystem access.
pkgs/python/[email protected]/tools/generate_sql_functions.py:38
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #297fc57af492734d Filesystem access.
pkgs/python/[email protected]/tools/generate_tuple_map_overloads.py:53
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #98afc68dfda11255 Filesystem access.
pkgs/python/[email protected]/tools/normalize_file_headers.py:27
    content = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e3e1a1d43b83294c Filesystem access.
pkgs/python/[email protected]/tools/sync_test_files.py:35
    source_data = Path(source).read_text().replace(remove_str, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

stagehand

python dependency
expand_more 58 low-confidence finding(s)
low env_fs tooling reachable #963e1ad79f06533d Environment-variable access.
pkgs/python/[email protected]/examples/act_example.py:49
        browserbase_api_key=os.environ.get("BROWSERBASE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6901c25e5272a623 Environment-variable access.
pkgs/python/[email protected]/examples/act_example.py:50
        model_api_key=os.environ.get("MODEL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0c5ad86901f73cb6 Environment-variable access.
pkgs/python/[email protected]/examples/agent_execute.py:46
    model_name = os.environ.get("STAGEHAND_MODEL", "anthropic/claude-sonnet-4-6")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #dcc16e5b89e33370 Environment-variable access.
pkgs/python/[email protected]/examples/byob_example.py:53
        browserbase_api_key=os.environ.get("BROWSERBASE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ee1809fecedb5dbf Environment-variable access.
pkgs/python/[email protected]/examples/byob_example.py:54
        model_api_key=os.environ.get("MODEL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #74bed959a0907c5d Filesystem access.
pkgs/python/[email protected]/examples/env.py:28
    for line in env_path.read_text().splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #31dfa646cf23ce9a Environment-variable access.
pkgs/python/[email protected]/examples/env.py:35
        os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a01acc613e543ec2 Environment-variable access.
pkgs/python/[email protected]/examples/env.py:37
    missing = [key for key in sorted(REQUIRED_KEYS) if not os.environ.get(key)]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #474cafbc661a8509 Environment-variable access.
pkgs/python/[email protected]/examples/env.py:48
        os.environ.setdefault("STAGEHAND_SEA_BINARY", str(sea_binary))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #35a4cce5c94f6d8d Environment-variable access.
pkgs/python/[email protected]/examples/full_example.py:51
        browserbase_api_key=os.environ.get("BROWSERBASE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #17bf6217ab992873 Environment-variable access.
pkgs/python/[email protected]/examples/full_example.py:52
        model_api_key=os.environ.get("MODEL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e940d227bf507997 Environment-variable access.
pkgs/python/[email protected]/examples/full_example.py:143
                        "api_key": os.environ.get("MODEL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f58516b903498ef6 Environment-variable access.
pkgs/python/[email protected]/examples/local_browser_playwright_example.py:79
    model_api_key = os.environ.get("MODEL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #917a7b3a454a5dce Environment-variable access.
pkgs/python/[email protected]/examples/local_browser_playwright_example.py:83
    bb_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ebc7c63ea0da9a1e Environment-variable access.
pkgs/python/[email protected]/examples/local_example.py:48
    model_key = os.environ.get("MODEL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bb87187f72249f2b Environment-variable access.
pkgs/python/[email protected]/examples/local_server_multiregion_browser_example.py:50
    model_api_key = os.environ.get("MODEL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #989a4a461e326952 Environment-variable access.
pkgs/python/[email protected]/examples/local_server_multiregion_browser_example.py:54
    bb_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #16f76144468f72c0 Environment-variable access.
pkgs/python/[email protected]/examples/logging_example.py:24
        browserbase_api_key=os.environ.get("BROWSERBASE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #96e99d6de2cd4a1b Environment-variable access.
pkgs/python/[email protected]/examples/logging_example.py:25
        model_api_key=os.environ.get("MODEL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #947451bc6ef1937e Environment-variable access.
pkgs/python/[email protected]/examples/playwright_page_example.py:49
    model_api_key = os.environ.get("MODEL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bdd0de0074516510 Environment-variable access.
pkgs/python/[email protected]/examples/playwright_page_example.py:53
    bb_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8a66b3a6af026181 Environment-variable access.
pkgs/python/[email protected]/examples/pydoll_tab_example.py:118
    model_api_key = os.environ.get("MODEL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ac747225e2e0c009 Environment-variable access.
pkgs/python/[email protected]/examples/pydoll_tab_example.py:122
    bb_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ad615daf85e2de0c Environment-variable access.
pkgs/python/[email protected]/examples/remote_browser_playwright_example.py:51
    model_api_key = os.environ.get("MODEL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1c5f2b88166eb5e8 Environment-variable access.
pkgs/python/[email protected]/examples/remote_browser_playwright_example.py:55
    bb_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #983c07a7293dda2b Filesystem access.
pkgs/python/[email protected]/examples/vertex_auth_example.py:43
    for line in env_path.read_text().splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6fc8013c73e888a0 Environment-variable access.
pkgs/python/[email protected]/examples/vertex_auth_example.py:48
        os.environ.setdefault(key, value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fa2b34bc0f8bedcd Environment-variable access.
pkgs/python/[email protected]/examples/vertex_auth_example.py:52
    inline_json = os.environ.get("VERTEX_SERVICE_ACCOUNT_JSON")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b099bde49afd2b74 Environment-variable access.
pkgs/python/[email protected]/examples/vertex_auth_example.py:56
        credentials_path = os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #314bd9b564e77e9e Filesystem access.
pkgs/python/[email protected]/examples/vertex_auth_example.py:62
        credentials = json.loads(Path(credentials_path).expanduser().read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4378f93c5a0a29f3 Environment-variable access.
pkgs/python/[email protected]/examples/vertex_auth_example.py:78
    project = os.environ.get("VERTEX_PROJECT") or credentials.get("project_id")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #81324a4b3f004d0d Environment-variable access.
pkgs/python/[email protected]/examples/vertex_auth_example.py:82
    location = os.environ.get("VERTEX_LOCATION", "us-central1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2fbfa0a5a8150a16 Environment-variable access.
pkgs/python/[email protected]/examples/vertex_auth_example.py:83
    model_name = os.environ.get("VERTEX_MODEL", "vertex/gemini-2.5-flash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8c5abcef63282d87 Environment-variable access.
pkgs/python/[email protected]/examples/vertex_auth_example.py:104
    browserbase_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b9a396cddd5f68ff Environment-variable access.
pkgs/python/[email protected]/examples/vertex_auth_example.py:125
    bootstrap_model = os.environ.get("STAGEHAND_BOOTSTRAP_MODEL", "openai/gpt-4.1-mini")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4528eff32a96920e Environment-variable access.
pkgs/python/[email protected]/hatch_build.py:45
        wheel_tag = os.environ.get("STAGEHAND_WHEEL_TAG", "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8863cce6ab59b1d Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_client.py:141
            browserbase_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b20a42fe1359731a Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_client.py:165
        custom_headers_env = os.environ.get("STAGEHAND_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5a82a383beb4a80 Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_client.py:432
            browserbase_api_key = os.environ.get("BROWSERBASE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b9960bca36942cb Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_client.py:456
        custom_headers_env = os.environ.get("STAGEHAND_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5fb27a97a67a4ad Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_custom/sea_binary.py:32
        root = Path(os.environ.get("LOCALAPPDATA", str(Path.home() / "AppData" / "Local")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33479c5cceb63197 Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_custom/sea_binary.py:34
        root = Path(os.environ.get("XDG_CACHE_HOME", str(Path.home() / ".cache")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #054dc33801bf3889 Filesystem access.
pkgs/python/[email protected]/src/stagehand/_custom/sea_binary.py:73
    data = src.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf2c8193941d3c56 Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_custom/sea_binary.py:91
    env = os.environ.get("STAGEHAND_SEA_BINARY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccfcb5e5029781c6 Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_custom/sea_binary.py:104
            version = os.environ.get("STAGEHAND_VERSION") or __version__

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #797407408ae4bbe7 Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_custom/sea_server.py:149
        proc_env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a57f0a88b1e05d6 Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_custom/sea_server.py:332
        base_url = os.environ.get("STAGEHAND_API_URL") or os.environ.get("STAGEHAND_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90e30f663a0fbfcd Filesystem access.
pkgs/python/[email protected]/src/stagehand/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf24f5c758dd3e55 Filesystem access.
pkgs/python/[email protected]/src/stagehand/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df80bac9fa902438 Filesystem access.
pkgs/python/[email protected]/src/stagehand/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32dabec4bc2895ad Filesystem access.
pkgs/python/[email protected]/src/stagehand/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd361aeeffac6346 Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa69908d524c2a79 Filesystem access.
pkgs/python/[email protected]/src/stagehand/_response.py:495
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8241814700b8ad16 Filesystem access.
pkgs/python/[email protected]/src/stagehand/_response.py:537
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b80191d0a193f61b Environment-variable access.
pkgs/python/[email protected]/src/stagehand/_utils/_logs.py:17
    env = os.environ.get("STAGEHAND_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c9e0d1d78cb2e22 Filesystem access.
pkgs/python/[email protected]/src/stagehand/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88951d264c7ccb6f Filesystem access.
pkgs/python/[email protected]/src/stagehand/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18940e633bbd9de9 Filesystem access.
pkgs/python/[email protected]/src/stagehand/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

textual

python dependency
expand_more 27 low-confidence finding(s)
low env_fs tooling reachable #8149c15e5099feec Filesystem access.
pkgs/python/[email protected]/docs/examples/guide/content/renderables.py:27
        with open(__file__) as self_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a09c02ee9d940d0e Filesystem access.
pkgs/python/[email protected]/docs/examples/widgets/text_area_custom_language.py:9
java_highlight_query = (Path(__file__).parent / "java_highlights.scm").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01c733407ec29c5c Filesystem access.
pkgs/python/[email protected]/src/textual/__init__.py:93
            with open(constants.LOG_FILE, "a", encoding="utf-8") as log_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9fe476332293e38 Filesystem access.
pkgs/python/[email protected]/src/textual/_doc.py:108
            with open(path, "rb") as source_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7059be57b2eb2063 Filesystem access.
pkgs/python/[email protected]/src/textual/_doc.py:120
            return screenshot_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d4e953004220daf Filesystem access.
pkgs/python/[email protected]/src/textual/_doc.py:152
        screenshot_path.write_text(svg)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3b11b608ec54318 Environment-variable access.
pkgs/python/[email protected]/src/textual/_xterm_parser.py:50
    os.environ.get("LC_TERMINAL", "") == "iTerm2"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98637128311ab74d Environment-variable access.
pkgs/python/[email protected]/src/textual/_xterm_parser.py:51
    or os.environ.get("TERM_PROGRAM", "") == "iTerm.app"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c540f772cf6070f Filesystem access.
pkgs/python/[email protected]/src/textual/_xterm_parser.py:71
        self._debug_log_file = open("keys.log", "at") if debug else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77d407f2461d9ff1 Environment-variable access.
pkgs/python/[email protected]/src/textual/app.py:596
        self.features: frozenset[FeatureFlag] = parse_features(os.getenv("TEXTUAL", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99fb68bb5bdc6bfe Environment-variable access.
pkgs/python/[email protected]/src/textual/app.py:613
        environ = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e0da4e496c85afd Filesystem access.
pkgs/python/[email protected]/src/textual/app.py:1914
        with open(svg_path, "w", encoding="utf-8") as svg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #756bcdeb01ef28b1 Environment-variable access.
pkgs/python/[email protected]/src/textual/constants.py:14
get_environ = os.environ.get

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #519039e0f44b1d5a Environment-variable access.
pkgs/python/[email protected]/src/textual/constants.py:46
        value = int(os.environ[name])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2dc715d85daab8a Environment-variable access.
pkgs/python/[email protected]/src/textual/constants.py:73
        value = int(os.environ[name])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca16e6685e2529ac Filesystem access.
pkgs/python/[email protected]/src/textual/css/stylesheet.py:300
            with open(filename, "rt", encoding="utf-8") as css_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9638fe6b78787064 Filesystem access.
pkgs/python/[email protected]/src/textual/demo/_project_stargazer_updater.py:42
    with open(
        os.path.join(os.path.dirname(__file__), "_project_stars.py"), "w"
    ) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e531bf4c44d4fcd6 Filesystem access.
pkgs/python/[email protected]/src/textual/demo/page.py:71
            with open(source_file, "rt", encoding="utf-8") as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdc78a46a6152112 Filesystem access.
pkgs/python/[email protected]/src/textual/driver.py:244
                with open(
                    save_path, mode, encoding=encoding or "utf-8"
                ) as destination_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad2e41aa154334e Environment-variable access.
pkgs/python/[email protected]/src/textual/drivers/linux_driver.py:322
        if os.environ.get("TERM_PROGRAM", "") != "Apple_Terminal":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b2611c99cc05925 Environment-variable access.
pkgs/python/[email protected]/src/textual/drivers/linux_driver.py:338
        ISIG = 0 if os.environ.get("TEXTUAL_ALLOW_SIGNALS") else termios.ISIG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c63d364aadcb69a7 Environment-variable access.
pkgs/python/[email protected]/src/textual/drivers/linux_inline_driver.py:251
        if os.environ.get("TERM_PROGRAM", "") != "Apple_Terminal":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #093a5feb22ec6dcf Environment-variable access.
pkgs/python/[email protected]/src/textual/drivers/linux_inline_driver.py:267
        ISIG = 0 if os.environ.get("TEXTUAL_ALLOW_SIGNALS") else termios.ISIG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3cfbae0afaec1ab Environment-variable access.
pkgs/python/[email protected]/src/textual/drivers/web_driver.py:54
                width = int(os.environ.get("COLUMNS", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34c3f1db17999836 Environment-variable access.
pkgs/python/[email protected]/src/textual/drivers/web_driver.py:55
                height = int(os.environ.get("ROWS", 24))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0a6ca093afe1b80 Environment-variable access.
pkgs/python/[email protected]/src/textual/geometry.py:1483
if not TYPE_CHECKING and os.environ.get("TEXTUAL_SPEEDUPS", "1") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cac5e51a6a4191af Filesystem access.
pkgs/python/[email protected]/src/textual/widgets/_text_area.py:789
            highlight_query = highlight_query_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tiktoken

python dependency
expand_more 13 low-confidence finding(s)
low env_fs tooling reachable #26570c6fc2ca2e39 Environment-variable access.
pkgs/python/[email protected]/scripts/benchmark.py:16
    num_threads = int(os.environ["RAYON_NUM_THREADS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #482749f477fe6245 Filesystem access.
pkgs/python/[email protected]/scripts/redact.py:11
    text = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3c77420df485a0a2 Filesystem access.
pkgs/python/[email protected]/scripts/redact.py:35
            path.write_text(redacted_text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e76c25f2c8161e57 Filesystem access.
pkgs/python/[email protected]/scripts/wheel_download.py:35
        with open(temp_zip, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08fb690c028d8ff2 Filesystem access.
pkgs/python/[email protected]/tiktoken/_educational.py:212
    with open(__file__) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be834880036bae66 Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:10
        with open(blobpath, "rb", buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79c700476784d44b Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:27
    return blobfile.read_bytes(blobpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46d2fd839b88d4b6 Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:37
    if "TIKTOKEN_CACHE_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd8aa2206128c473 Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:38
        cache_dir = os.environ["TIKTOKEN_CACHE_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9396b1c73acb05c0 Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:39
    elif "DATA_GYM_CACHE_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #237910ca8cea289b Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:40
        cache_dir = os.environ["DATA_GYM_CACHE_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c28aed304a3cacd Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:55
        with open(cache_path, "rb", buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #066e63047342d45b Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:78
        with open(tmp_filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tinytag

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #aa879f97fc75ac36 Filesystem access.
pkgs/python/[email protected]/tinytag/__main__.py:104
                    with open(actual_image_path, 'wb') as file_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2e8f4a5ef75280c Environment-variable access.
pkgs/python/[email protected]/tinytag/tinytag.py:52
_DEBUG = bool(environ.get('TINYTAG_DEBUG'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8944e6e9bc124e61 Filesystem access.
pkgs/python/[email protected]/tinytag/tinytag.py:129
                file_obj = open(filename, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tokenizers

python dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #12b9adedc651a60e Environment-variable access.
pkgs/python/[email protected]/bindings/python/benches/test_tiktoken.py:29
    os.environ["RAYON_NUM_THREADS"] = str(num_threads)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #28016dd5e426d7de Filesystem access.
pkgs/python/[email protected]/bindings/python/examples/example.py:29
    with open(args.file, "r") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #55ec01a6800bace9 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/convert.py:52
    m.ParseFromString(open(filename, "rb").read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e2dba56e3adb6128 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/convert.py:342
    with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #601662e21b4179da Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/sentencepiece_extractor.py:61
        with open(self._model, "r") as model_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #aa45a1d0af099fae Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/sentencepiece_extractor.py:134
        with open(args.vocab_output_path, "w") as vocab_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7ead836096575f08 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/sentencepiece_extractor.py:135
            with open(args.merges_output_path, "w") as merges_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8989ed2b65660cf4 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/spm_parity_check.py:99
    with open(args.input_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2392c0e8535e76fc Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/spm_parity_check.py:226
    with open(args.input_file, "r", encoding="utf-8-sig") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4aee84e21707d57c Filesystem access.
pkgs/python/[email protected]/py_src/tokenizers/implementations/sentencepiece_unigram.py:160
        m.ParseFromString(open(filename, "rb").read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fe003f6aeb51463c Filesystem access.
pkgs/python/[email protected]/py_src/tokenizers/tools/visualizer.py:12
with open(css_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tomlkit

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #ce8a264efaf90113 Filesystem access.
pkgs/python/[email protected]/tomlkit/toml_file.py:31
        with open(self._path, encoding="utf-8", newline="") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b36d3c9b101e0f34 Filesystem access.
pkgs/python/[email protected]/tomlkit/toml_file.py:58
        with open(self._path, "w", encoding="utf-8", newline="") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

unstructured

python dependency
expand_more 79 low-confidence finding(s)
low env_fs dependency Excluded from app score #30bd1efe99355537 Environment-variable access.
pkgs/python/[email protected]/unstructured/embed/mixedbreadai.py:35
        default_factory=lambda: SecretStr(os.environ.get("MXBAI_API_KEY")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0611c1c73e121e95 Environment-variable access.
pkgs/python/[email protected]/unstructured/embed/vertexai.py:28
        os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = application_credentials_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b65be5cd55df906a Filesystem access.
pkgs/python/[email protected]/unstructured/file_utils/encoding.py:67
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #685f761df180a8d5 Filesystem access.
pkgs/python/[email protected]/unstructured/file_utils/encoding.py:83
                    with open(filename, encoding=enc) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d92463134002ac13 Filesystem access.
pkgs/python/[email protected]/unstructured/file_utils/encoding.py:127
            with open(filename, encoding=formatted_encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff1b17103581ce6f Filesystem access.
pkgs/python/[email protected]/unstructured/file_utils/file_conversion.py:72
            with open(tmp_file_path, "wb") as tmp_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85ed55ce2ab38020 Filesystem access.
pkgs/python/[email protected]/unstructured/file_utils/filetype.py:528
            with open(self.file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68eedcc9fb53e7ae Filesystem access.
pkgs/python/[email protected]/unstructured/file_utils/filetype.py:592
            with open(file_path, encoding=self.encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f8057a08ff1a5e9 Filesystem access.
pkgs/python/[email protected]/unstructured/file_utils/filetype.py:596
            with open(file_path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb18540cdbda97b2 Filesystem access.
pkgs/python/[email protected]/unstructured/file_utils/filetype.py:615
            with open(file_path, encoding=self.encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d6a6d2d6f71e4d2 Filesystem access.
pkgs/python/[email protected]/unstructured/file_utils/filetype.py:621
            with open(file_path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc47c5f319660d50 Environment-variable access.
pkgs/python/[email protected]/unstructured/metrics/evaluate.py:163
        max_processors = int(os.environ.get("MAX_PROCESSES", os.cpu_count()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92033413c38c2676 Filesystem access.
pkgs/python/[email protected]/unstructured/metrics/evaluate.py:847
            with open(gt_file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f3b631c940f1c80 Filesystem access.
pkgs/python/[email protected]/unstructured/metrics/object_detection.py:101
        with open(prediction_file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fbaa602a92aa82b Filesystem access.
pkgs/python/[email protected]/unstructured/metrics/object_detection.py:103
        with open(ground_truth_file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46529269a0e1ec71 Filesystem access.
pkgs/python/[email protected]/unstructured/metrics/table/table_eval.py:216
        with open(prediction_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba21668116998965 Filesystem access.
pkgs/python/[email protected]/unstructured/metrics/table/table_eval.py:218
        with open(ground_truth_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a46a24056efff2e Filesystem access.
pkgs/python/[email protected]/unstructured/metrics/utils.py:243
        with open(path, errors="ignore") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ef208f56702246f Filesystem access.
pkgs/python/[email protected]/unstructured/nlp/english_words.py:12
with open(ENGLISH_WORDS_FILE) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c572540e11c30dc0 Filesystem access.
pkgs/python/[email protected]/unstructured/nlp/tokenize.py:43
            with open(dest, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8074a7e5373400fc Filesystem access.
pkgs/python/[email protected]/unstructured/nlp/tokenize.py:64
        with open(whl_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d85da54dd8dbc140 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/api.py:100
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40a3ebe60b2ad4a3 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/api.py:290
            files = [stack.enter_context(open(f, "rb")) for f in filenames]  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8f05ecb61c9836a Filesystem access.
pkgs/python/[email protected]/unstructured/partition/common/common.py:389
        with open(file.name, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7416e903fc0d6dbe Filesystem access.
pkgs/python/[email protected]/unstructured/partition/csv.py:173
            with open(self._file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70e02594af28f6b3 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/doc.py:69
            with open(source_file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #810ba9b65bd91c69 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/email.py:228
            with open(self._file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10752bc11061c254 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/json.py:58
        with open(filename, encoding="utf8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8a6254df6fc7958 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/model_init.py:11
    supported_model = os.environ.get("UNSTRUCTURED_HI_RES_SUPPORTED_MODEL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd90749736198187 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/model_init.py:16
    get_model(os.environ.get("UNSTRUCTURED_HI_RES_MODEL_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4d84b1ff2cbc120 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/msg.py:260
            with open(detached_file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c4e871991e38afc Filesystem access.
pkgs/python/[email protected]/unstructured/partition/ndjson.py:59
        with open(filename, encoding="utf8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daa23812774fdcbe Filesystem access.
pkgs/python/[email protected]/unstructured/partition/odt.py:95
        with open(source_file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd8f700027785986 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/odt.py:117
        allow_no_sandbox = os.environ.get("ALLOW_PANDOC_NO_SANDBOX", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6443c55f2cbe8761 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/pdf.py:122
    return os.environ.get("UNSTRUCTURED_HI_RES_MODEL_NAME", DEFAULT_MODEL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d3c7fd88f59d317 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/pdf_image/analysis/layout_dump.py:202
            with open(analysis_save_dir / f"{dumper.layout_source}.json", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91e1494147486902 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/pdf_image/analysis/tools.py:159
        with open(analysis_dump_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #245e5391a18d6c87 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/pdf_image/ocr.py:83
        with open(tmp_file_path, "wb") as tmp_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8614f51f577406a Filesystem access.
pkgs/python/[email protected]/unstructured/partition/pdf_image/pdf_image_utils.py:160
                with open(tmp_file_path, "wb") as tmp_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38b1a52587257884 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/pdf_image/pdfminer_processing.py:873
    memory_cap_in_gb = float(os.getenv("UNST_MATMUL_MEMORY_CAP_IN_GB", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df052af3567994c6 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/pdf_image/pdfminer_utils.py:522
                    page = next(PDFPage.get_pages(open(tmp_file_path, "rb")))  # noqa: SIM115

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e883cc8e79517498 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/pdf_image/pdfminer_utils.py:532
            pages = PDFPage.get_pages(open(tmp_file_path, "rb"))  # noqa: SIM115

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d69041991e985873 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/ppt.py:50
            with open(tmp_file_path, "wb") as tmp_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a78ba241d5eb9e2 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/text_type.py:54
    _language_checks = os.environ.get("UNSTRUCTURED_LANGUAGE_CHECKS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13c61c01798517e8 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/text_type.py:72
        os.environ.get("UNSTRUCTURED_NARRATIVE_TEXT_CAP_THRESHOLD", cap_threshold),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73fe06ff980fd2c6 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/text_type.py:79
        os.environ.get("UNSTRUCTURED_NARRATIVE_TEXT_NON_ALPHA_THRESHOLD", non_alpha_threshold),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ce67d2e671d1f3f Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/text_type.py:117
    _language_checks = os.environ.get("UNSTRUCTURED_LANGUAGE_CHECKS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #667f52156bcf42d3 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/text_type.py:129
        os.environ.get("UNSTRUCTURED_TITLE_MAX_WORD_LENGTH", title_max_word_length),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cfda04d4ae98b1f Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/text_type.py:137
        os.environ.get("UNSTRUCTURED_TITLE_NON_ALPHA_THRESHOLD", non_alpha_threshold),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5568c14c267d5089 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/config.py:36
        return os.environ.get(var, default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c2dff2b8e3c3b5c Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/config.py:157
        if "WHISPER_FP16" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c45970a8c1161a9 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/constants.py:37
OCR_AGENT_MODULES_WHITELIST = os.getenv(
    "OCR_AGENT_MODULES_WHITELIST",
    "unstructured.partition.utils.ocr_models.tesseract_ocr,"
    "unstructured.partition.utils.ocr_models.paddle_ocr,"
    "unstructured.partition.utils.ocr_models.google_vision_ocr",
).split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cd88472b9191422 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/constants.py:48
STT_AGENT_MODULES_WHITELIST = os.getenv(
    "STT_AGENT_MODULES_WHITELIST",
    "unstructured.partition.utils.speech_to_text.whisper_stt",
).split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33aed0a2ff68c0de Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/constants.py:53
UNSTRUCTURED_INCLUDE_DEBUG_METADATA = os.getenv("UNSTRUCTURED_INCLUDE_DEBUG_METADATA", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a874ce5904a8dd1 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/ocr_models/tesseract_ocr.py:32
if "OMP_THREAD_LIMIT" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a68f448e57cc46f Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/ocr_models/tesseract_ocr.py:33
    os.environ["OMP_THREAD_LIMIT"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5c52e43d302322a Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/sorting.py:125
        os.environ.get("UNSTRUCTURED_XY_CUT_BBOX_SHRINK_FACTOR", shrink_factor),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #134f660788c02604 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/sorting.py:128
    xy_cut_primary_direction = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcdd75c5c3dffb1e Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/sorting.py:128
    xy_cut_primary_direction = os.environ.get(
        "UNSTRUCTURED_XY_CUT_PRIMARY_DIRECTION",
        xy_cut_primary_direction,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1b47c1da47b0b2c Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/sorting.py:245
            os.environ.get("UNSTRUCTURED_XY_CUT_BBOX_SHRINK_FACTOR", shrink_factor),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f88db4973a838b7 Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/sorting.py:248
        xy_cut_primary_direction = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0bea92f972b5a8a Environment-variable access.
pkgs/python/[email protected]/unstructured/partition/utils/sorting.py:248
        xy_cut_primary_direction = os.environ.get(
            "UNSTRUCTURED_XY_CUT_PRIMARY_DIRECTION",
            xy_cut_primary_direction,
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80072afefe0656f0 Filesystem access.
pkgs/python/[email protected]/unstructured/partition/xlsx.py:210
            with open(self._file_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21a9cbdb47263bfb Environment-variable access.
pkgs/python/[email protected]/unstructured/safe_http.py:68
    return os.environ.get(_ENV_VAR, "").strip().lower() in _TRUTHY_ENV_VALUES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7059b58edb7abe85 Filesystem access.
pkgs/python/[email protected]/unstructured/staging/base.py:230
        with open(filename, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b00292b1b6721e32 Filesystem access.
pkgs/python/[email protected]/unstructured/staging/base.py:347
        with open(filename, "w", encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf4fcf3aebe1f80b Filesystem access.
pkgs/python/[email protected]/unstructured/staging/base.py:423
            with open(filename, "w", encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0164fdf6a14c4f5 Filesystem access.
pkgs/python/[email protected]/unstructured/staging/base.py:452
        with open(filename, "w", encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c092134a01302a3 Filesystem access.
pkgs/python/[email protected]/unstructured/staging/base.py:475
        with open(filename, "w", encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d15c3d3e04ce6487 Filesystem access.
pkgs/python/[email protected]/unstructured/staging/base.py:544
        with open(filename, "w", encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33f0abf359a7e457 Filesystem access.
pkgs/python/[email protected]/unstructured/staging/label_box.py:85
        with open(output_filepath, "w+") as output_text_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ab676cbb145775e Filesystem access.
pkgs/python/[email protected]/unstructured/utils.py:71
    with open(filename, "w+") as output_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9bf7848aaf19282 Filesystem access.
pkgs/python/[email protected]/unstructured/utils.py:76
    with open(filename) as input_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9767c950da7208b6 Environment-variable access.
pkgs/python/[email protected]/unstructured/utils.py:168
    return bool((os.getenv("DO_NOT_TRACK") or "").strip()) or bool(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce08dc39e3bb718f Environment-variable access.
pkgs/python/[email protected]/unstructured/utils.py:169
        (os.getenv("SCARF_NO_ANALYTICS") or "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0356e7ab7d6f30a8 Environment-variable access.
pkgs/python/[email protected]/unstructured/utils.py:175
    return (os.getenv("UNSTRUCTURED_TELEMETRY_ENABLED") or "").strip().lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #55153a1e8ba3c705 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/unstructured/utils.py:199
        requests.get(
            "https://packages.unstructured.io/python-telemetry",
            params={
                "version": __version__,
                "platform": platform.system(),
                "python": python_version,
                "arch": platform.machine(),
                "gpu": str(gpu_present),
                "dev": str("dev" in __version__).lower(),
            },
            timeout=10,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #962ba8aba4eb3518 Filesystem access.
pkgs/python/[email protected]/unstructured/utils.py:696
            with open(self.file_path) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77cf65c27b360b02 Filesystem access.
pkgs/python/[email protected]/unstructured/utils.py:702
            with open(self.file_path, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

voyageai

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #5ae59946eb0c2611 Filesystem access.
pkgs/python/[email protected]/voyageai/_base.py:33
        with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #184955a75b6f6057 Environment-variable access.
pkgs/python/[email protected]/voyageai/util.py:12
VOYAGE_LOG = os.environ.get("VOYAGE_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #574661b45b190e04 Environment-variable access.
pkgs/python/[email protected]/voyageai/util.py:78
    api_key_path = voyageai.api_key_path or os.environ.get("VOYAGE_API_KEY_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69ac93ddc1c371f9 Environment-variable access.
pkgs/python/[email protected]/voyageai/util.py:79
    api_key = voyageai.api_key or os.environ.get("VOYAGE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e926fd61e42f738 Filesystem access.
pkgs/python/[email protected]/voyageai/util.py:83
        with open(api_key_path, "rt") as k:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf3d3f38c367d48c Filesystem access.
pkgs/python/[email protected]/voyageai/video_utils.py:76
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75b11cc64295b09f Filesystem access.
pkgs/python/[email protected]/voyageai/video_utils.py:164
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #507fa4cd1f5a588f Filesystem access.
pkgs/python/[email protected]/voyageai/video_utils.py:176
        with open(video, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a7e582a838ba7a2 Filesystem access.
pkgs/python/[email protected]/voyageai/video_utils.py:603
        with open(out_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

weaviate-client

python dependency
expand_more 32 low-confidence finding(s)
low env_fs dependency Excluded from app score #2bfc744c6411fe76 Environment-variable access.
pkgs/python/[email protected]/integration/conftest.py:358
        api_key = os.environ.get("OPENAI_APIKEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41401a068691fc82 Environment-variable access.
pkgs/python/[email protected]/integration/conftest.py:405
        api_key = os.environ.get("OPENAI_APIKEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ae2a496cd9639d9 Environment-variable access.
pkgs/python/[email protected]/integration/test_auth.py:47
    client_secret = os.environ.get(env_variable_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae75372758d86f96 Environment-variable access.
pkgs/python/[email protected]/integration/test_auth.py:101
    pw = os.environ.get(env_variable_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #774ccf31b304b593 Environment-variable access.
pkgs/python/[email protected]/integration/test_auth.py:188
    pw = os.environ.get(env_variable_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a908052fd8693a5 Environment-variable access.
pkgs/python/[email protected]/integration/test_auth.py:207
    pw = os.environ.get("OKTA_DUMMY_CI_PW")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #413654c62a806d04 Environment-variable access.
pkgs/python/[email protected]/integration/test_client.py:700
    with mock.patch.dict(os.environ, {"PYPI_PACKAGE_URL": "http://does-not-exist"}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48052f3ac4e9ac77 Environment-variable access.
pkgs/python/[email protected]/integration/test_client.py:707
    with mock.patch.dict(os.environ, {"PYPI_PACKAGE_URL": "http://does-not-exist"}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb0b4fd3054afe32 Environment-variable access.
pkgs/python/[email protected]/integration/test_collection_openai.py:584
    api_key = os.environ.get("COHERE_APIKEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6b54f36aed65824 Environment-variable access.
pkgs/python/[email protected]/integration/test_collection_openai.py:750
    api_key = os.environ.get("CONTEXTUAL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b121aa8df84006c Environment-variable access.
pkgs/python/[email protected]/integration/test_collection_openai.py:794
    api_key = os.environ.get("CONTEXTUAL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d38ef278f50db640 Environment-variable access.
pkgs/python/[email protected]/integration/test_collection_openai.py:837
    contextual_api_key = os.environ.get("CONTEXTUAL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09d9f69f366f85c6 Environment-variable access.
pkgs/python/[email protected]/integration/test_collection_rerank.py:31
    api_key = os.environ.get("COHERE_APIKEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c722941327885de9 Environment-variable access.
pkgs/python/[email protected]/integration/test_collection_rerank.py:85
    api_key = os.environ.get("COHERE_APIKEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d3f0c2e6bc19873 Environment-variable access.
pkgs/python/[email protected]/integration/test_collection_rerank.py:145
    api_key = os.environ.get("CONTEXTUAL_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ea6af2e0ae39658 Environment-variable access.
pkgs/python/[email protected]/integration/test_vectors.py:866
    api_key = os.environ.get("JINAAI_APIKEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56059bd8120bba87 Filesystem access.
pkgs/python/[email protected]/profiling/test_shutdown.py:48
    with open("uuids.json", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dbb3a1286387bd1 Filesystem access.
pkgs/python/[email protected]/profiling/test_sphere.py:33
        with open(sphere_file) as jsonl_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df9379ac3cc666e5 Filesystem access.
pkgs/python/[email protected]/profiling/test_sphere.py:82
        with open(sphere_file) as jsonl_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e6b4eccc53a6565a Filesystem access.
pkgs/python/[email protected]/tools/stubs.py:177
            with open(file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f84a78b61888d26a Environment-variable access.
pkgs/python/[email protected]/weaviate/__init__.py:50
os.environ["GRPC_VERBOSITY"] = "ERROR"  # https://github.com/danielmiessler/fabric/discussions/754

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75087631e5d88aa1 Environment-variable access.
pkgs/python/[email protected]/weaviate/collections/batch/base.py:61
    os.getenv("WEAVIATE_BATCH_MAX_RETRIES", "9.299")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4ecb54d013ba32e Environment-variable access.
pkgs/python/[email protected]/weaviate/connect/base.py:202
    http_proxy = (os.environ.get("HTTP_PROXY"), os.environ.get("http_proxy"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d92c0861fd76caaf Environment-variable access.
pkgs/python/[email protected]/weaviate/connect/base.py:203
    https_proxy = (os.environ.get("HTTPS_PROXY"), os.environ.get("https_proxy"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad211dfdf90fbff8 Environment-variable access.
pkgs/python/[email protected]/weaviate/connect/base.py:204
    grpc_proxy = (os.environ.get("GRPC_PROXY"), os.environ.get("grpc_proxy"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbc276acb5c3b5e0 Environment-variable access.
pkgs/python/[email protected]/weaviate/embedded.py:38
    persistence_data_path: str = os.environ.get("XDG_DATA_HOME", DEFAULT_PERSISTENCE_DATA_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6c11c974fdec9d9 Environment-variable access.
pkgs/python/[email protected]/weaviate/embedded.py:39
    binary_path: str = os.environ.get("XDG_CACHE_HOME", DEFAULT_BINARY_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #36397dfb3f926678 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/weaviate/embedded.py:91
            response = httpx.get("https://api.github.com/repos/weaviate/weaviate/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #042745a694cbed0b Environment-variable access.
pkgs/python/[email protected]/weaviate/embedded.py:205
        my_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0c0acf7f8fd7b1e Environment-variable access.
pkgs/python/[email protected]/weaviate/logger.py:5
logger.setLevel(os.getenv("WEAVIATE_LOG_LEVEL", "INFO"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88198c95086d3dfd Filesystem access.
pkgs/python/[email protected]/weaviate/util.py:83
        with open(image_or_image_path, "br") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20387c39da040927 Filesystem access.
pkgs/python/[email protected]/weaviate/util.py:126
            file = open(file_or_file_path, "br")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • instructor prod — sdist exceeds byte cap
  • lancedb prod — no sdist (wheels only)
  • docling prod — no python source in sdist
  • qdrant-edge-py prod — no sdist (wheels only)
  • pymupdf prod — sdist exceeds byte cap
  • spider-client prod — no sdist (wheels only)
  • playwright prod — no sdist (wheels only)
  • Pillow prod — sdist exceeds byte cap