Close Open Privacy Scan

bolt Snapshot: commit 1d932cc
science engine v3
schedule 2026-07-12T20:06:21.793581+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

57 /100
Medium privacy risk

Medium risk · 273 finding(s)

Dependency score: 87 (Low risk)

bar_chart Score Breakdown

telemetry −25
egress −15
env_fs −3

list Scan Summary

0 high 31 medium 242 low
First-party packages: 3
Dependency packages: 6
Ecosystem: python

swap_horiz External domains

your-app.authkit.app{os.getenv(

</> First-Party Code

first-party (python)

python first-party
medium telemetry production #8e53bd279a4d8363 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/examples/diagnostics/client_with_tracing.py:25
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ece8537f3922ce96 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/examples/diagnostics/client_with_tracing.py:26
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #367d2bb80cd3c2d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/examples/diagnostics/client_with_tracing.py:27
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6fdd781e620f8b70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/examples/diagnostics/client_with_tracing.py:28
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c93dec6d9113bf2f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/examples/diagnostics/client_with_tracing.py:29
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6b53174231876deb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/examples/run_with_tracing.py:28
    from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #84c775fbffe1d4fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/examples/run_with_tracing.py:29
    from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #50147a8e1561446b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/examples/run_with_tracing.py:30
    from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2aba0508cbc2bbc1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/examples/run_with_tracing.py:31
    from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #884de4cc58be7a0a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/examples/run_with_tracing.py:32
    from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7f10ee54d56a8652 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/client/mixins/tools.py:11
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fb179e80077248a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/client/telemetry.py:6
from opentelemetry.trace import Span, SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7e7d0ab6cf6310d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/server/sampling/run.py:29
from opentelemetry.trace import SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #23a0bb4d1029a3bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/server/telemetry.py:7
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3a11424cbc66f792 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/server/telemetry.py:8
from opentelemetry.trace import Span, SpanKind, Status, StatusCode, get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7f3343e44b9cdb29 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/telemetry.py:26
from opentelemetry import context as otel_context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9e8627d0ccdcca38 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/telemetry.py:27
from opentelemetry import propagate, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #14fa1c3881ed61bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/telemetry.py:28
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #754b3b33e6fb3849 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/telemetry.py:29
from opentelemetry.trace import Span, Status, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ad3b5f89727c13e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/telemetry.py:30
from opentelemetry.trace import get_tracer as otel_get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 106 low-confidence finding(s)
low egress production #4a2afe30da883321 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/apps/map/map_server.py:35
    resp = httpx.get(
        NOMINATIM_URL,
        params={"q": query, "format": "json", "limit": 1},
        headers={"User-Agent": "fastmcp-map-example/1.0"},
        timeout=10,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3e1bd8b42e41c12d Environment-variable access.
repo/examples/auth/authkit/server.py:20
    authkit_domain=os.getenv("AUTHKIT_DOMAIN") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb77aff683c481e9 Environment-variable access.
repo/examples/auth/aws_oauth/server.py:29
    user_pool_id=os.getenv("FASTMCP_SERVER_AUTH_AWS_COGNITO_USER_POOL_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a698860894dc7e56 Environment-variable access.
repo/examples/auth/aws_oauth/server.py:30
    aws_region=os.getenv("FASTMCP_SERVER_AUTH_AWS_COGNITO_AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61d7f7ba52a453e7 Environment-variable access.
repo/examples/auth/aws_oauth/server.py:32
    client_id=os.getenv("FASTMCP_SERVER_AUTH_AWS_COGNITO_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4829665db4c8cef8 Environment-variable access.
repo/examples/auth/aws_oauth/server.py:33
    client_secret=os.getenv("FASTMCP_SERVER_AUTH_AWS_COGNITO_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40be0b0c649ef81d Environment-variable access.
repo/examples/auth/azure_oauth/server.py:23
    client_id=os.getenv("FASTMCP_SERVER_AUTH_AZURE_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4ac0d032d7f04b8 Environment-variable access.
repo/examples/auth/azure_oauth/server.py:24
    client_secret=os.getenv("FASTMCP_SERVER_AUTH_AZURE_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08e997e6f14ce223 Environment-variable access.
repo/examples/auth/azure_oauth/server.py:25
    tenant_id=os.getenv("FASTMCP_SERVER_AUTH_AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5116c9c2f9fdb46 Environment-variable access.
repo/examples/auth/clerk_oauth/server.py:21
    domain=os.getenv("FASTMCP_SERVER_AUTH_CLERK_DOMAIN") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fefe82db4e85348 Environment-variable access.
repo/examples/auth/clerk_oauth/server.py:22
    client_id=os.getenv("FASTMCP_SERVER_AUTH_CLERK_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c650504cb1286460 Environment-variable access.
repo/examples/auth/clerk_oauth/server.py:23
    client_secret=os.getenv("FASTMCP_SERVER_AUTH_CLERK_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df147eb42fb15910 Environment-variable access.
repo/examples/auth/discord_oauth/server.py:19
    client_id=os.getenv("FASTMCP_SERVER_AUTH_DISCORD_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f570c84b4ae3d161 Environment-variable access.
repo/examples/auth/discord_oauth/server.py:20
    client_secret=os.getenv("FASTMCP_SERVER_AUTH_DISCORD_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d2ab973d2888f78 Environment-variable access.
repo/examples/auth/github_oauth/server.py:19
    client_id=os.getenv("FASTMCP_SERVER_AUTH_GITHUB_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a44588106478376e Environment-variable access.
repo/examples/auth/github_oauth/server.py:20
    client_secret=os.getenv("FASTMCP_SERVER_AUTH_GITHUB_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5ffe86499e29ba1 Environment-variable access.
repo/examples/auth/google_oauth/server.py:19
    client_id=os.getenv("FASTMCP_SERVER_AUTH_GOOGLE_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be2f10fbe953fb77 Environment-variable access.
repo/examples/auth/google_oauth/server.py:20
    client_secret=os.getenv("FASTMCP_SERVER_AUTH_GOOGLE_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97a450d7e7252011 Environment-variable access.
repo/examples/auth/huggingface_oauth/server.py:8
    client_id=os.getenv("FASTMCP_SERVER_AUTH_HF_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #077ff26478f3d884 Environment-variable access.
repo/examples/auth/huggingface_oauth/server.py:10
    client_secret=os.getenv("FASTMCP_SERVER_AUTH_HF_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b0543f1d89adeb5 Environment-variable access.
repo/examples/auth/keycloak_oauth/server.py:18
    realm_url=os.getenv("KEYCLOAK_REALM_URL") or "http://localhost:8080/realms/fastmcp",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a0220ffae57b276 Environment-variable access.
repo/examples/auth/mounted/server.py:39
    client_id=os.getenv("FASTMCP_SERVER_AUTH_GITHUB_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7dafae7ea4dd8aef Environment-variable access.
repo/examples/auth/mounted/server.py:40
    client_secret=os.getenv("FASTMCP_SERVER_AUTH_GITHUB_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52b39f2652396f70 Environment-variable access.
repo/examples/auth/mounted/server.py:62
    client_id=os.getenv("FASTMCP_SERVER_AUTH_GOOGLE_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #242e80d97226080a Environment-variable access.
repo/examples/auth/mounted/server.py:63
    client_secret=os.getenv("FASTMCP_SERVER_AUTH_GOOGLE_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #433681529e6af4e8 Environment-variable access.
repo/examples/auth/oci_oauth/server.py:20
    client_id=os.getenv("FASTMCP_SERVER_AUTH_IDCS_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d38a77eb657055b1 Environment-variable access.
repo/examples/auth/oci_oauth/server.py:21
    client_secret=os.getenv("FASTMCP_SERVER_AUTH_IDCS_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fdf704a62a665e4 Environment-variable access.
repo/examples/auth/oci_oauth/server.py:22
    config_url=f"https://{os.getenv('FASTMCP_SERVER_AUTH_IDCS_DOMAIN')}/.well-known/openid-configuration"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a633cd5e1c61c57 Environment-variable access.
repo/examples/auth/propelauth_oauth/server.py:29
    auth_url=os.environ["PROPELAUTH_AUTH_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbdf90274b96a4dc Environment-variable access.
repo/examples/auth/propelauth_oauth/server.py:30
    introspection_client_id=os.environ["PROPELAUTH_INTROSPECTION_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69b3cc43cb5a09af Environment-variable access.
repo/examples/auth/propelauth_oauth/server.py:31
    introspection_client_secret=os.environ["PROPELAUTH_INTROSPECTION_CLIENT_SECRET"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93ad6ade1047df67 Environment-variable access.
repo/examples/auth/propelauth_oauth/server.py:32
    base_url=os.getenv("BASE_URL", "http://127.0.0.1:8000/"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6311d8dcabc183e Environment-variable access.
repo/examples/auth/scalekit_oauth/server.py:22
required_scopes_env = os.getenv("SCALEKIT_REQUIRED_SCOPES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc6a0cd8e617fe87 Environment-variable access.
repo/examples/auth/scalekit_oauth/server.py:30
    environment_url=os.getenv("SCALEKIT_ENVIRONMENT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2243b9aba3454070 Environment-variable access.
repo/examples/auth/scalekit_oauth/server.py:32
    resource_id=os.getenv("SCALEKIT_RESOURCE_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b91490044b70459b Environment-variable access.
repo/examples/auth/scalekit_oauth/server.py:33
    base_url=os.getenv("BASE_URL", "http://127.0.0.1:8000/"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7548918932288b2e Environment-variable access.
repo/examples/auth/workos_oauth/server.py:20
    client_id=os.getenv("WORKOS_CLIENT_ID") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8b7c6756600cb73 Environment-variable access.
repo/examples/auth/workos_oauth/server.py:21
    client_secret=os.getenv("WORKOS_CLIENT_SECRET") or "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdf5ddc9417baf45 Environment-variable access.
repo/examples/auth/workos_oauth/server.py:22
    authkit_domain=os.getenv("WORKOS_AUTHKIT_DOMAIN") or "https://your-app.authkit.app",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52c8e4e004eb0597 Filesystem access.
repo/examples/code_mode/server.py:73
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #027feb01b1ed0248 Environment-variable access.
repo/examples/diagnostics/client_with_tracing.py:34
    endpoint = os.environ.get("OTEL_EXPORTER_OTLP_ENDPOINT", "http://localhost:4317")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ddadadb4961f295 Environment-variable access.
repo/examples/diagnostics/client_with_tracing.py:35
    service_name = os.environ.get("OTEL_SERVICE_NAME", "fastmcp-diagnostics-client")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d229283d1022a26e Environment-variable access.
repo/examples/diagnostics/client_with_tracing.py:53
    server_url = os.environ.get("DIAGNOSTICS_SERVER_URL", "http://localhost:8001/sse")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6563349a80d24b2 Environment-variable access.
repo/examples/diagnostics/server.py:25
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c92e04e639c25fc Environment-variable access.
repo/examples/memory.py:43
    fastmcp.settings.home / os.environ.get("USER", "anon") / "memory"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89e0affb52c590c1 Environment-variable access.
repo/examples/run_with_tracing.py:34
    endpoint = os.environ.get("OTEL_EXPORTER_OTLP_ENDPOINT", "http://localhost:4317")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4ba10c30811c3ad Environment-variable access.
repo/examples/run_with_tracing.py:35
    service_name = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bca1be762ae39a3a Environment-variable access.
repo/examples/run_with_tracing.py:35
    service_name = os.environ.get(
        "OTEL_SERVICE_NAME",
        f"fastmcp-{os.path.basename(sys.argv[1]).replace('.py', '')}",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #200805b08ff7d7bf Filesystem access.
repo/examples/search/server_bm25.py:73
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9227a3faaf15b557 Environment-variable access.
repo/fastmcp_remote/fastmcp_remote/cli.py:79
            lambda match: os.environ[match.group(1)], header_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8c882d24140c3e3 Environment-variable access.
repo/fastmcp_remote/fastmcp_remote/cli.py:99
    if config_dir := os.environ.get("FASTMCP_REMOTE_CONFIG_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e09ca358731104d9 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/apps_dev.py:1343
        app_bridge_js = app_bridge_cache.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81fdd29a3134fc15 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/apps_dev.py:1365
    app_bridge_cache.write_text(app_bridge_js, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf00b84eafd110ea Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/apps_dev.py:1699
    env = {**os.environ, "FASTMCP_LOG_LEVEL": "WARNING"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2554478d1b010281 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/cimd.py:123
        with open(output_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78194e5d69f40928 Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/cli.py:310
        env = dict(os.environ.items()) | env_vars | {"FASTMCP_UV_SPAWNED": "1"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6803e8bc8caf27f9 Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/cli.py:747
        env = os.environ | {"FASTMCP_UV_SPAWNED": "1"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22d0c3fb9e4868e1 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/cli.py:884
                with open(Path(server_spec)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdc5f95ec8fb0cfc Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/cli.py:920
        env = os.environ | {"FASTMCP_UV_SPAWNED": "1"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ec39c41972e1e15 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/client.py:140
        data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd1ea2d67746df63 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:123
        text = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3cb1f49ee33d35e Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:148
            os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15e1d81a13a1af08 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:161
        text = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d67630df864d710 Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:259
            os.environ.get("APPDATA", Path.home() / "AppData" / "Roaming"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3981bcf66b7ce80c Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:266
            os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00024bee67195fba Filesystem access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:272
        text = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1773d060b904a184 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/generate.py:770
    output_path.write_text(script)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d50a5c1dbe2f2a90 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/generate.py:784
        skill_path.write_text(skill_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6757d386cc570a20 Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/install/claude_desktop.py:39
            os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d9fe2aa827a6992 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/install/claude_desktop.py:118
            content = config_file.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b006c72f9ffed43c Filesystem access.
repo/fastmcp_slim/fastmcp/cli/install/cursor.py:130
            config_file.write_text('{"mcpServers": {}}')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dd9582c61615d4c Filesystem access.
repo/fastmcp_slim/fastmcp/cli/install/shared.py:82
            with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47d215f16708ca3a Filesystem access.
repo/fastmcp_slim/fastmcp/cli/run.py:173
        with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cece1a5c1a32cc8 Environment-variable access.
repo/fastmcp_slim/fastmcp/client/transports/stdio.py:430
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecb62c41208abfdd Environment-variable access.
repo/fastmcp_slim/fastmcp/client/transports/stdio.py:497
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #057f694ab035e58b Environment-variable access.
repo/fastmcp_slim/fastmcp/client/transports/stdio.py:559
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42e9fdca2427f79b Filesystem access.
repo/fastmcp_slim/fastmcp/mcp_config.py:334
        file_path.write_text(self.model_dump_json(indent=2), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74e5cbb0e02ae2e6 Filesystem access.
repo/fastmcp_slim/fastmcp/mcp_config.py:340
            content := file_path.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c544d27ef0484089 Filesystem access.
repo/fastmcp_slim/fastmcp/resources/types.py:103
                content: str | bytes = await self._async_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42d2131ab6970192 Filesystem access.
repo/fastmcp_slim/fastmcp/resources/types.py:105
                content = await self._async_path.read_text(encoding=self.encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc9502990fac894a Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/_common.py:80
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0b395c4951e493c Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:57
            return main_file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #087189403c761181 Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:96
            return full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e27e37112c3d21b1 Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:98
            return full_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e015f6e94c7bb25 Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:170
            return full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65433eadb5e8dfc2 Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:172
            return full_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #671def1f4c07dcb2 Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:242
        content = main_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d1e7fa55bac1415 Environment-variable access.
repo/fastmcp_slim/fastmcp/settings.py:20
ENV_FILE = os.getenv("FASTMCP_ENV_FILE", ".env")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8833278ccf47446e Environment-variable access.
repo/fastmcp_slim/fastmcp/utilities/cli.py:30
    return bool(os.environ.get("FASTMCP_UV_SPAWNED"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b628fce43ff49b7 Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/cli.py:76
                with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3250d85929d0a072 Environment-variable access.
repo/fastmcp_slim/fastmcp/utilities/mcp_server_config/v1/mcp_server_config.py:103
                os.environ[key] = interpolated_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc4fb78cfd11eb9e Environment-variable access.
repo/fastmcp_slim/fastmcp/utilities/mcp_server_config/v1/mcp_server_config.py:128
            return os.environ.get(var_name, match.group(0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23f621eb1866438b Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/mcp_server_config/v1/mcp_server_config.py:442
        with open(output, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aca3a75fe5eb276a Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/skills.py:208
            file_path.write_text(content.text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c30007946d61244e Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/types.py:286
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c6445b17bc79638 Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/types.py:358
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f2fa0daf94411cd Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/types.py:418
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c13961e70e9788d Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/version_check.py:40
        data = json.loads(cache_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b4bb48aa146c0cb Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/version_check.py:51
        cache_path.write_text(
            json.dumps({"latest_version": latest_version, "timestamp": time.time()})
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #bdcd3b1cdf3a49d8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/fastmcp_slim/fastmcp/utilities/version_check.py:69
        response = httpx.get(PYPI_URL, timeout=REQUEST_TIMEOUT_SECONDS)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1684957aa0307748 Environment-variable access.
repo/scripts/auto_close_duplicates.py:290
    token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ae48cade711a140 Environment-variable access.
repo/scripts/auto_close_duplicates.py:294
    owner = os.environ.get("GITHUB_REPOSITORY_OWNER", "prefecthq")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #829d5dfd6bfa3aa0 Environment-variable access.
repo/scripts/auto_close_duplicates.py:295
    repo = os.environ.get("GITHUB_REPOSITORY_NAME", "fastmcp")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b892a1a078b820ac Environment-variable access.
repo/scripts/auto_close_needs_mre.py:336
    token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bf4f94231c08c5c Environment-variable access.
repo/scripts/auto_close_needs_mre.py:340
    owner = os.environ.get("GITHUB_REPOSITORY_OWNER", "prefecthq")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9a6af6439e1a5a4 Environment-variable access.
repo/scripts/auto_close_needs_mre.py:341
    repo = os.environ.get("GITHUB_REPOSITORY_NAME", "fastmcp")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): fastmcp_slim

python first-party
medium telemetry production #7f10ee54d56a8652 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/client/mixins/tools.py:11
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fb179e80077248a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/client/telemetry.py:6
from opentelemetry.trace import Span, SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7e7d0ab6cf6310d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/server/sampling/run.py:29
from opentelemetry.trace import SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #23a0bb4d1029a3bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/server/telemetry.py:7
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3a11424cbc66f792 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/server/telemetry.py:8
from opentelemetry.trace import Span, SpanKind, Status, StatusCode, get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7f3343e44b9cdb29 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/telemetry.py:26
from opentelemetry import context as otel_context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9e8627d0ccdcca38 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/telemetry.py:27
from opentelemetry import propagate, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #14fa1c3881ed61bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/telemetry.py:28
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #754b3b33e6fb3849 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/telemetry.py:29
from opentelemetry.trace import Span, Status, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ad3b5f89727c13e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/fastmcp_slim/fastmcp/telemetry.py:30
from opentelemetry.trace import get_tracer as otel_get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 49 low-confidence finding(s)
low env_fs production #e09ca358731104d9 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/apps_dev.py:1343
        app_bridge_js = app_bridge_cache.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81fdd29a3134fc15 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/apps_dev.py:1365
    app_bridge_cache.write_text(app_bridge_js, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf00b84eafd110ea Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/apps_dev.py:1699
    env = {**os.environ, "FASTMCP_LOG_LEVEL": "WARNING"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2554478d1b010281 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/cimd.py:123
        with open(output_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78194e5d69f40928 Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/cli.py:310
        env = dict(os.environ.items()) | env_vars | {"FASTMCP_UV_SPAWNED": "1"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6803e8bc8caf27f9 Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/cli.py:747
        env = os.environ | {"FASTMCP_UV_SPAWNED": "1"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22d0c3fb9e4868e1 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/cli.py:884
                with open(Path(server_spec)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdc5f95ec8fb0cfc Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/cli.py:920
        env = os.environ | {"FASTMCP_UV_SPAWNED": "1"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ec39c41972e1e15 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/client.py:140
        data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd1ea2d67746df63 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:123
        text = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3cb1f49ee33d35e Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:148
            os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15e1d81a13a1af08 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:161
        text = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d67630df864d710 Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:259
            os.environ.get("APPDATA", Path.home() / "AppData" / "Roaming"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3981bcf66b7ce80c Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:266
            os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00024bee67195fba Filesystem access.
repo/fastmcp_slim/fastmcp/cli/discovery.py:272
        text = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1773d060b904a184 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/generate.py:770
    output_path.write_text(script)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d50a5c1dbe2f2a90 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/generate.py:784
        skill_path.write_text(skill_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6757d386cc570a20 Environment-variable access.
repo/fastmcp_slim/fastmcp/cli/install/claude_desktop.py:39
            os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d9fe2aa827a6992 Filesystem access.
repo/fastmcp_slim/fastmcp/cli/install/claude_desktop.py:118
            content = config_file.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b006c72f9ffed43c Filesystem access.
repo/fastmcp_slim/fastmcp/cli/install/cursor.py:130
            config_file.write_text('{"mcpServers": {}}')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dd9582c61615d4c Filesystem access.
repo/fastmcp_slim/fastmcp/cli/install/shared.py:82
            with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47d215f16708ca3a Filesystem access.
repo/fastmcp_slim/fastmcp/cli/run.py:173
        with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cece1a5c1a32cc8 Environment-variable access.
repo/fastmcp_slim/fastmcp/client/transports/stdio.py:430
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecb62c41208abfdd Environment-variable access.
repo/fastmcp_slim/fastmcp/client/transports/stdio.py:497
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #057f694ab035e58b Environment-variable access.
repo/fastmcp_slim/fastmcp/client/transports/stdio.py:559
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42e9fdca2427f79b Filesystem access.
repo/fastmcp_slim/fastmcp/mcp_config.py:334
        file_path.write_text(self.model_dump_json(indent=2), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74e5cbb0e02ae2e6 Filesystem access.
repo/fastmcp_slim/fastmcp/mcp_config.py:340
            content := file_path.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c544d27ef0484089 Filesystem access.
repo/fastmcp_slim/fastmcp/resources/types.py:103
                content: str | bytes = await self._async_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42d2131ab6970192 Filesystem access.
repo/fastmcp_slim/fastmcp/resources/types.py:105
                content = await self._async_path.read_text(encoding=self.encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc9502990fac894a Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/_common.py:80
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0b395c4951e493c Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:57
            return main_file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #087189403c761181 Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:96
            return full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e27e37112c3d21b1 Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:98
            return full_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e015f6e94c7bb25 Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:170
            return full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65433eadb5e8dfc2 Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:172
            return full_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #671def1f4c07dcb2 Filesystem access.
repo/fastmcp_slim/fastmcp/server/providers/skills/skill_provider.py:242
        content = main_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d1e7fa55bac1415 Environment-variable access.
repo/fastmcp_slim/fastmcp/settings.py:20
ENV_FILE = os.getenv("FASTMCP_ENV_FILE", ".env")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8833278ccf47446e Environment-variable access.
repo/fastmcp_slim/fastmcp/utilities/cli.py:30
    return bool(os.environ.get("FASTMCP_UV_SPAWNED"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b628fce43ff49b7 Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/cli.py:76
                with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3250d85929d0a072 Environment-variable access.
repo/fastmcp_slim/fastmcp/utilities/mcp_server_config/v1/mcp_server_config.py:103
                os.environ[key] = interpolated_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc4fb78cfd11eb9e Environment-variable access.
repo/fastmcp_slim/fastmcp/utilities/mcp_server_config/v1/mcp_server_config.py:128
            return os.environ.get(var_name, match.group(0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23f621eb1866438b Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/mcp_server_config/v1/mcp_server_config.py:442
        with open(output, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aca3a75fe5eb276a Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/skills.py:208
            file_path.write_text(content.text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c30007946d61244e Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/types.py:286
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c6445b17bc79638 Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/types.py:358
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f2fa0daf94411cd Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/types.py:418
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c13961e70e9788d Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/version_check.py:40
        data = json.loads(cache_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b4bb48aa146c0cb Filesystem access.
repo/fastmcp_slim/fastmcp/utilities/version_check.py:51
        cache_path.write_text(
            json.dumps({"latest_version": latest_version, "timestamp": time.time()})
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #bdcd3b1cdf3a49d8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/fastmcp_slim/fastmcp/utilities/version_check.py:69
        response = httpx.get(PYPI_URL, timeout=REQUEST_TIMEOUT_SECONDS)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (python): fastmcp_remote

python first-party
expand_more 2 low-confidence finding(s)
low env_fs production #9227a3faaf15b557 Environment-variable access.
repo/fastmcp_remote/fastmcp_remote/cli.py:79
            lambda match: os.environ[match.group(1)], header_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8c882d24140c3e3 Environment-variable access.
repo/fastmcp_remote/fastmcp_remote/cli.py:99
    if config_dir := os.environ.get("FASTMCP_REMOTE_CONFIG_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

rich

python dependency
medium telemetry dependency Excluded from app score #232893abf06c0efe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/rich/progress.py:173
        yield from progress.track(
            sequence,
            total=total,
            completed=completed,
            description=description,
            update_period=update_period,
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 22 low-confidence finding(s)
low env_fs dependency Excluded from app score #b1422e098cf045c5 Environment-variable access.
pkgs/python/[email protected]/rich/_unicode_data/__init__.py:67
        unicode_version = os.environ.get("UNICODE_VERSION", "latest")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75384a792c6d50c4 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:441
        self.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7be92c1af73d46f9 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:612
    term.write_text("went back and wrapped to prev line")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3c610ce77760c41 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:615
    term.write_text("we go up")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78c957b73672735d Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:618
    term.write_text("and down")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ff0b59b3ab8f382 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:623
    term.write_text("we went up and back 2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62609b0883d778d9 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:628
    term.write_text("we went down and back 2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8e4ddea3f9354af Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:636
    term.write_text("The red arrow shows the cursor location, and direction of erase")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #105e3be33689a3fb Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:646
    term.write_text("The red arrow shows the cursor location, and direction of erase")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37e96e7c27576883 Filesystem access.
pkgs/python/[email protected]/rich/_windows_renderer.py:19
                term.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cadafb814a82574 Filesystem access.
pkgs/python/[email protected]/rich/_windows_renderer.py:28
                    term.write_text("\r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1cca2f401116b58 Environment-variable access.
pkgs/python/[email protected]/rich/console.py:515
        or os.getenv("DATABRICKS_RUNTIME_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #758a5bb9745dfe91 Environment-variable access.
pkgs/python/[email protected]/rich/console.py:617
    _environ: Mapping[str, str] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8b9ba3c63b9107d Filesystem access.
pkgs/python/[email protected]/rich/console.py:2241
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d90b7221d69e059 Filesystem access.
pkgs/python/[email protected]/rich/console.py:2349
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a49a1a4534897380 Filesystem access.
pkgs/python/[email protected]/rich/console.py:2641
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9308097f3816032e Environment-variable access.
pkgs/python/[email protected]/rich/diagnose.py:32
    env = {name: os.getenv(name) for name in env_names}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0889a12f6fe9a4d9 Filesystem access.
pkgs/python/[email protected]/rich/json.py:134
            json_data = Path(args.path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57ef7f6d06648e37 Filesystem access.
pkgs/python/[email protected]/rich/markdown.py:777
        with open(args.path, encoding="utf-8") as markdown_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #072219434b61ca8f Filesystem access.
pkgs/python/[email protected]/rich/progress.py:1373
        handle = io.open(file, "rb", buffering=buffering)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3871f4757b32f7e9 Filesystem access.
pkgs/python/[email protected]/rich/syntax.py:360
        code = Path(path).read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #887758b0f8abf951 Filesystem access.
pkgs/python/[email protected]/rich/theme.py:73
        with open(path, encoding=encoding) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

platformdirs

python dependency
expand_more 33 low-confidence finding(s)
low env_fs dependency Excluded from app score #bfb3d7f6ac551a5c Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/__init__.py:33
    if os.getenv("ANDROID_DATA") == "/data" and os.getenv("ANDROID_ROOT") == "/system":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ff7c66b8edc1f42 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/__init__.py:34
        if os.getenv("SHELL") or os.getenv("PREFIX"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28c79db1ce5e21f8 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:16
        if path := os.environ.get("XDG_DATA_HOME", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d0a51b407a34f9c Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:22
        if xdg_dirs := os.environ.get("XDG_DATA_DIRS", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07b1f0d6dd6e13d9 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:35
        if path := os.environ.get("XDG_CONFIG_HOME", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d62b0ce5b9550b5 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:41
        if xdg_dirs := os.environ.get("XDG_CONFIG_DIRS", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c043eddf7525893d Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:54
        if path := os.environ.get("XDG_CACHE_HOME", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afe03cb11795b0c4 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:61
        if path := os.environ.get("XDG_STATE_HOME", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6a79d824f394453 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:68
        if path := os.environ.get("XDG_RUNTIME_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01ff2a8d28fc6aa3 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:75
        if path := os.environ.get("XDG_RUNTIME_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6840db5792803468 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:82
        if path := os.environ.get("XDG_DOCUMENTS_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e72bcc0c9a776365 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:89
        if path := os.environ.get("XDG_DOWNLOAD_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d1025e57143d707 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:96
        if path := os.environ.get("XDG_PICTURES_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77f58ac4a1ed7d09 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:103
        if path := os.environ.get("XDG_VIDEOS_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8356aeddfbd0040f Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:110
        if path := os.environ.get("XDG_MUSIC_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22b2f07c0e4cbbdd Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:117
        if path := os.environ.get("XDG_DESKTOP_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e34c32cccb3ce60 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:124
        if path := os.environ.get("XDG_PROJECTS_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38ca98fafa7d9684 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:131
        if path := os.environ.get("XDG_PUBLICSHARE_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5b01c57694a48a5 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:138
        if path := os.environ.get("XDG_TEMPLATES_DIR", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94bee81445a89231 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:145
        if path := os.environ.get("XDG_DATA_HOME", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #262abe8ae02d9919 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:152
        if path := os.environ.get("XDG_DATA_HOME", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #041ad8dc8a0cabdf Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/_xdg.py:158
        if xdg_dirs := os.environ.get("XDG_DATA_DIRS", "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48708cc3d48dbe14 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/unix.py:302
    config_home = os.environ.get("XDG_CONFIG_HOME", "").strip() or os.path.expanduser("~/.config")  # noqa: PTH111

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b683972608fa39a Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/windows.py:145
        return os.path.normpath(os.environ.get("PUBLIC", str(Path("~").expanduser().parent / "Public")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b233e616971c3053 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/windows.py:208
    result = os.environ.get(env_var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf6966a222cb76df Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/windows.py:218
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Documents")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5f69f276278c814 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/windows.py:221
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Downloads")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7a38bd4e8ee3b15 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/windows.py:224
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Pictures")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83048c3483ad90e2 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/windows.py:227
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Videos")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e501a2f407ac06aa Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/windows.py:230
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Music")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25bfafc0f8051d26 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/windows.py:234
            os.path.normpath(os.environ["APPDATA"]),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89cbb7bbf3f352df Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/windows.py:243
            os.path.normpath(os.environ.get("PROGRAMDATA", os.environ.get("ALLUSERSPROFILE", "C:\\ProgramData"))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4c25ae6528169e8 Environment-variable access.
pkgs/python/[email protected]/src/platformdirs/windows.py:388
    if override := os.environ.get(env_var, "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pydantic

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #7aedd0514d1cb165 Filesystem access.
pkgs/python/[email protected]/pydantic/deprecated/parse.py:71
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be7926140ca22fc5 Environment-variable access.
pkgs/python/[email protected]/pydantic/json_schema.py:344
                if os.getenv('PYDANTIC_PRIVATE_ALLOW_UNHANDLED_SCHEMA_TYPES'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1e58eefbe71b822 Filesystem access.
pkgs/python/[email protected]/pydantic/mypy.py:1411
    with open(config_file, 'rb') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30604a2f9b6294ab Environment-variable access.
pkgs/python/[email protected]/pydantic/plugin/_loader.py:27
    disabled_plugins = os.getenv('PYDANTIC_DISABLE_PLUGINS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6d85425f5164bed Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:173
            env_vars: Mapping[str, Optional[str]] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28557d807ad3186d Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:175
            env_vars = {k.lower(): v for k, v in os.environ.items()}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58346ba388ce9727 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:307
                    secret_value = path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #562b901d7c378c10 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/mypy.py:948
    with open(config_file, read_mode) as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21b991c22d9d93c1 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/parse.py:57
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pydantic-settings

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #26338a9b40b3deb8 Environment-variable access.
pkgs/python/[email protected]/pydantic_settings/sources/providers/env.py:75
        return parse_env_vars(os.environ, self.case_sensitive, self.env_ignore_empty, self.env_parse_none_str)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf9dff98cb1515ab Filesystem access.
pkgs/python/[email protected]/pydantic_settings/sources/providers/nested_secrets.py:203
        return {str(p.relative_to(path)): p.read_text().strip() for p in cls._iter_secret_files(path)}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a0a7b8022be7052 Filesystem access.
pkgs/python/[email protected]/pydantic_settings/sources/providers/secrets.py:122
                    return path.read_text().strip(), field_key, value_is_complex

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-dotenv

python dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #562e43a354c223cc Filesystem access.
pkgs/python/[email protected]/src/dotenv/cli.py:76
        with open(path) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e8ceee7a4725dbd Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:194
        if v is not None and (override or k not in os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29957e3d202025c6 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:225
    cmd_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4966a66ccc9a2f2f Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:26
    if "PYTHON_DOTENV_DISABLED" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65c65895e1da2961 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:28
    value = os.environ["PYTHON_DOTENV_DISABLED"].casefold()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a392872ae9733d6f Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:63
            with open(self.dotenv_path, encoding=self.encoding) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6cfcb8fd4973351 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:105
            if k in os.environ and not self.override:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5055ce8f3b355784 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:108
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ece95ef4e2db1e1 Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:148
        source: IO[str] = open(path, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f67f3691f73ca52 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:302
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af9d75d7d039232f Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:306
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typing-extensions

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #b0e6b74a9a59b248 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1698
            Path(tempdir, "ann_module.py").write_text(ANN_MODULE_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e10330ecfea56925 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1699
            Path(tempdir, "ann_module2.py").write_text(ANN_MODULE_2_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2309465dd56cb8e8 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1700
            Path(tempdir, "ann_module3.py").write_text(ANN_MODULE_3_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6c54f93b0b0f8a6 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8783
            Path(tempdir, "inspect_stock_annotations.py").write_text(STOCK_ANNOTATIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fba3fa8d717bc45f Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8784
            Path(tempdir, "inspect_stringized_annotations.py").write_text(STRINGIZED_ANNOTATIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d882c1c53983e05c Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8785
            Path(tempdir, "inspect_stringized_annotations_2.py").write_text(STRINGIZED_ANNOTATIONS_2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea22aed745966309 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:9234
            Path(tempdir, "inspect_stringized_annotations_pep_695.py").write_text(STRINGIZED_ANNOTATIONS_PEP_695)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.