Close Open Privacy Scan

bolt Snapshot: commit b4babf3
science engine v1.21
schedule 2026-07-18T01:07:08.612162+00:00

verified_user Possible application data leak

Potential data exfiltration identified in application code.

smart_toy MCP server detected: litellm, mcp — detected in dependencies, not a safety judgment.

App Privacy Score

67 /100
Medium privacy risk — possible application leak

Medium risk · 1709 finding(s)

Dependency score: 0 (High risk)

bar_chart Score Breakdown

egress −15
pii_flow −15
env_fs −3

list Scan Summary

0 high 75 medium 1634 low
First-party packages: 1
Dependency packages: 14
Ecosystem: python

swap_horiz Potential data exfiltration in application code

External domains: ::ffff:192.168.0.1actions.zapier.comadam.herokuapp.comai-gateway.vercel.shai-guard.aws.us.pangea.cloudai.google.devaiplatform.googleapis.comandroid.stackexchange.comapi-inference.huggingface.coapi.agentops.aiapi.ai21.comapi.aim.securityapi.aimlapi.comapi.aleph-alpha.comapi.anthropic.comapi.assemblyai.comapi.braintrustdata.comapi.bytez.comapi.cerebras.aiapi.clarifai.comapi.cloudflare.comapi.cloudzero.comapi.cohere.aiapi.cohere.comapi.cometapi.comapi.confident-ai.comapi.deepgram.comapi.deepinfra.comapi.deepseek.comapi.elevenlabs.ioapi.endpoints.anyscale.comapi.eu.assemblyai.comapi.featherless.aiapi.fireworks.aiapi.friendli.aiapi.galadriel.comapi.github.comapi.githubcopilot.comapi.groq.comapi.hconeai.comapi.honeycomb.ioapi.humanloop.comapi.hyperbolic.xyzapi.jina.aiapi.lakera.aiapi.lambda.aiapi.litellm.aiapi.llama.comapi.mistral.aiapi.moonshot.aiapi.morphllm.comapi.nlpcloud.ioapi.noma.securityapi.novita.aiapi.openai.comapi.openai.com-12api.perplexity.aiapi.pillar.securityapi.promptlayer.comapi.replicate.comapi.resend.comapi.sambanova.aiapi.smith.langchain.comapi.studio.nebius.aiapi.together.xyzapi.topazlabs.comapi.v0.devapi.voyageai.comapi.x.aiapp.datarobot.comapp.empower.devapp.phoenix.arize.comarchive.orgark.cn-beijing.volces.comarstechnica.comarxiv.orgaws.amazon.comazure-us-east-1.openai.azure.combayes.cs.ucla.edubetterexplained.combl.ocks.orgblog.alifaraji.irblog.famzah.netblog.ganssle.ioblogs.ams.orgbooks.google.combootlin.combost.ocks.orgbrew.shbrotlipy.readthedocs.iobugs.python.orgcal.comcalendly.comcdnjs.cloudflare.comchat.maritaca.aiciteseer.ist.psu.educiteseerx.ist.psu.educlarifai.comcloud.getliteral.aicloud.google.comcloud.ibm.comcloud.langfuse.comcode.activestate.comcodestral.mistral.aicognitiveservices.azure.comcole-maclean.github.iocommunity.openai.comconsole.cloud.google.comcourses.cs.ut.eecrypto.cs.mcgill.cad-uuwbxj1u4cnu.studio.us-west-2.sagemaker.awsd3js.orgdashscope-intl.aliyuncs.comdashscope.aliyuncs.comdatatracker.ietf.orgdbpubs.stanford.edudeepeval.confident-ai.comdeepinfra.comdeveloper.android.comdeveloper.apple.comdeveloper.hashicorp.comdeveloper.mozilla.orgdeveloper.pagerduty.comdevelopers.generativeai.googlediscord.comdiscord.ggdiscoveryengine.googleapis.comdiscuss.python.orgdl.acm.orgdocs.ai21.comdocs.aleph-alpha.comdocs.anthropic.comdocs.api.nvidia.comdocs.aws.amazon.comdocs.codestral.comdocs.cohere.comdocs.databricks.comdocs.datadoghq.comdocs.fireworks.aidocs.hyperbolic.xyzdocs.litellm.aidocs.microsoft.comdocs.mistral.aidocs.morphllm.comdocs.nlpcloud.comdocs.perplexity.aidocs.predibase.comdocs.pydantic.devdocs.python.orgdocs.rsdocs.sambanova.aidocs.scipy.orgdocs.snowflake.comdocs.swarms.worlddocs.together.aidocs.voyageai.comdoi.acm.orgdoi.orgdx.doi.orgeccc.hpi-web.deeclectic.ss.uci.eduen.wikipedia.orgepubs.siam.orgerrors.pydantic.deveu.api.confident-ai.comeu.assemblyai.comeu.deepeval.confident-ai.comevents.pagerduty.comexam_ple.comexampleopenaiendpoint-production.up.railway.appexcalidraw.comexternal.api.recraft.aifeatherless.aifoo.comfreedesktop.orggenerativelanguage.googleapis.comgephi.orggexf.netgit.kernel.orggithub.comgitlab.comgoogle.github.iogr-prd-trial.aporia.comgraph.microsoft.comgraphml.graphdrawing.orghal.archives-ouvertes.frhdl.handle.nethomepages.dcc.ufmg.brhrcak.srce.hrhttp-intake.logshttpbin.orghuggingface.cohuggingface.github.iohumanloop.comhuntr.comhypothesis.readthedocs.ioiam.cloud.ibm.comieeexplore.ieee.orginference-docs.cerebras.aiinference.api.nscale.cominference.baseten.coinference.do-ai.runinference.generativeaiinference.readthedocs.ioinfinity.modal.michaelfeil.euintegrate.api.nvidia.comiopscience.iop.orgiuuk.mff.cuni.czjina.aijmlr.csail.mit.edujournals.aps.orgjournals.plos.orgjponnela.comjson-schema.orglangtrace.ailearn.microsoft.comlicense.litellm.ailink.aps.orglink.springer.comlinuxdevcenter.comlists.sourceforge.netlitellm-listing.s3.amazonaws.comlitellm-production-7002.up.railway.applitellm.ailitellm.vercel.applitellm8397336933.openai.azure.comlitellm8397336933.services.ai.azure.comllama.developer.meta.comlmstudio.ailocation-aiplatform.googleapis.comlog.athina.ailogfire-api.pydantic.devlogin.microsoftonline.commail.python.orgmanual.cytoscape.orgmath.berkeley.edumath.mit.edumath.stackexchange.commath.wvu.edumathworld.wolfram.commembers.loria.frmetadata.google.internalmicrosoft.github.iomodelcontextprotocol.iomodels.inference.ai.azure.commodels.litellm.aimypy.readthedocs.iomüller.denats.ionetworkx.lanl.govnetworkx.orgnothooks.slack.comnovita.aioeis.orgollama.aionlinelibrary.wiley.comopenai.comopenmeter.cloudopenproceedings.orgopenrouter.aiother.comotlp.agentops.cloudotlp.arize.compackaging.python.orgpendulum.eustace.iopeps.python.orgplatform.moonshot.aiplatform.openai.complatform.stability.aiportal.acm.orgpub.ist.ac.atpubsub.googleapis.compydantic-docs.helpmanual.iopygments.orgpygraphviz.github.iopypi.orgpython-devtools.helpmanual.iopyyaml.orgraw.githubusercontent.comredis.iorefspecs.linuxfoundation.orgreplicate.comrequests.readthedocs.ioresend.comrich.readthedocs.iorosettacode.orgrouter.huggingface.coruntime.sagemakerrussellfunk.orgsariyuce.comscipy.orgsecretmanager.googleapis.comserver.lasso.securityserverfault.comservice.api.aisecurity.paloaltonetworks.comserving.app.predibase.comsetuptools.pypa.iosites.cs.ucsb.eduspecifications.freedesktop.orgstackoverflow.comstorage.azure.comstorage.googleapis.comstream-b.svc.rno2.c.replicate.netswarms.worldtechnet.microsoft.comtest.comtexttospeech.googleapis.comtikz.devtimeapi.iotools.ietf.orgtwitter.comus-central1-aiplatform.googleapis.comus-east-1.console.aws.amazon.comus-west-2.console.aws.amazon.comus.cloud.langfuse.comusers.cecs.anu.edu.auv0.devvalidate-pyproject.readthedocs.iovercel.comvideolectures.netviews.scientific-python.orgvisualstudio.microsoft.comvlado.fmf.uni-lj.siw.wikiw3.orgweb.archive.orgweb.eecs.utk.eduweb.math.princeton.eduweb.mit.eduwuecampus2.uni-wuerzburg.dewww-cs-faculty.stanford.eduwww-cs-students.stanford.eduwww-personal.umich.eduwww.algorithmic-solutions.infowww.amazon.comwww.analytictech.comwww.aws-services.infowww.combinatorics.orgwww.comet.comwww.coolmath.comwww.cs.cornell.eduwww.cs.purdue.eduwww.cs.technion.ac.ilwww.cs.umd.eduwww.cs.uu.nlwww.cse.msu.eduwww.example.珠宝www.fim.uni-passau.dewww.gexf.netwww.googleapis.comwww.graphdegeneracy.orgwww.graphviz.orgwww.ibm.comwww.ics.uci.eduwww.informatik.uni-augsburg.dewww.jmlr.orgwww.jstor.orgwww.litellm.aiwww.math.uchicago.eduwww.math.ucsd.eduwww.mdpi.comwww.numberanalytics.comwww.oreilly.comwww.pnas.orgwww.python.orgwww.recraft.aiwww.researchgate.netwww.rfc-editor.orgwww.santafe.eduwww.santofortunato.netwww.scielo.brwww.sciencedirect.comwww.stats.ox.ac.ukwww.systutorials.comwww.textualize.iowww.w3.orgwww.win.tue.nlwww.xudongz.comwww.youtube.comwww.yworks.comwww.zapier.comwww2.asanet.orgxn--fiqs8s.icom.museum

medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/swarms/telemetry/main.py:132 repo/swarms/telemetry/main.py:139
hub Dependency data flows (8)
medium mcp dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:77 pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:96
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:178 pkgs/python/[email protected]/litellm/integrations/lago.py:198
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:178 pkgs/python/[email protected]/litellm/integrations/lago.py:201
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:569 pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:578
medium litellm dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/main.py:2210 pkgs/python/[email protected]/litellm/main.py:2257
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:37 pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:57

</> First-Party Code

first-party (python)

python first-party
medium pii_flow production #c3286657d614c7b0 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/swarms/telemetry/main.py:139 · flow /tmp/closeopen-rw5qdvyn/repo/swarms/telemetry/main.py:132 → /tmp/closeopen-rw5qdvyn/repo/swarms/telemetry/main.py:139
    response = requests.post(
        url, json=payload, headers=headers, timeout=10
    )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 354 low-confidence finding(s)
low env_fs test-only Excluded from app score #53004584e56f8287 Filesystem access.
repo/examples/changelogs/v12_update/04_conversation_memory_compact.py:35
    with open(memory_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0f4ad5583bde0d38 Environment-variable access.
repo/examples/changelogs/v9_examples/example_sub_agents.py:6
api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #74b6b7ab721beb0a Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/aop_examples/medical_aop/client.py:76
        epi = requests.get(
            "https://disease.sh/v3/covid-19/countries/USA?strict=true",
            timeout=5,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #a51c7f77e16fd5b2 Environment-variable access.
repo/examples/guides/demos/chart_swarm.py:208
        os.environ["OPENAI_API_KEY"] = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4bb36daf629fd2a5 Filesystem access.
repo/examples/guides/demos/chart_swarm.py:218
        with open(img, "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cf367fe32dfada13 Environment-variable access.
repo/examples/guides/demos/crypto/ethchain_agent.py:72
        api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #9ad831ada2b9a9ab Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/demos/crypto/ethchain_agent.py:107
            response = requests.get(
                "https://api.coingecko.com/api/v3/simple/price",
                params={"ids": "ethereum", "vs_currencies": "usd"},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #d44024e1748a4bac Filesystem access.
repo/examples/guides/demos/crypto/ethchain_agent.py:140
            with open(self.csv_filename, "w", newline="") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b07b6f761cb9e12f Filesystem access.
repo/examples/guides/demos/crypto/ethchain_agent.py:239
        with open(self.csv_filename, "a", newline="") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #7f878fc337bee018 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/demos/crypto/htx_swarm.py:131
        ticker_response = requests.get(
            base_url + ticker_endpoint, params=ticker_params
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #5a6e60d9f3cf4e95 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/demos/crypto/htx_swarm.py:149
        order_book_response = requests.get(
            base_url + order_book_endpoint, params=order_book_params
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #461f685427e3de98 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/demos/crypto/htx_swarm.py:167
        trades_response = requests.get(
            base_url + trades_endpoint, params=trades_params
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #d5e8f8ea8467a501 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/demos/crypto/htx_swarm.py:186
        kline_response = requests.get(
            base_url + kline_endpoint, params=kline_params
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #c73f959c7ecedff4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/demos/crypto/swarms_coin_agent.py:102
    response = requests.get(url, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #ad8394a4726cfa28 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/demos/crypto/swarms_coin_multimarket.py:128
                async with session.get(url, timeout=10) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #31eb709abc20ae29 Filesystem access.
repo/examples/guides/demos/cuda_swarm.py:326
            with open(self.file_path, mode) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #d1eed169f27b3e67 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/demos/finance/sentiment_news_analysis.py:137
        response = requests.get(url, headers=headers, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #38f6b2c62b6e6535 Filesystem access.
repo/examples/guides/demos/hackathon_feb16/fraud.py:242
        with open(csv_file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #94d6e652646c79c8 Filesystem access.
repo/examples/guides/demos/legal/legal_swarm.py:208
                    with open(file_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6efa3b15076b7c66 Filesystem access.
repo/examples/guides/demos/legal/legal_swarm.py:216
                    with open(
                        file_path, "r", encoding="utf-8"
                    ) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e3c2c9689a7c2f15 Environment-variable access.
repo/examples/guides/demos/medical/health_privacy_swarm.py:6
api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #175fed3bb72b9f1b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/guides/demos/medical/health_privacy_swarm.py:265 · flow /tmp/closeopen-rw5qdvyn/repo/examples/guides/demos/medical/health_privacy_swarm.py:6 → /tmp/closeopen-rw5qdvyn/repo/examples/guides/demos/medical/health_privacy_swarm.py:265
print(output)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #09f3fa0365e87d28 Environment-variable access.
repo/examples/guides/demos/medical/health_privacy_swarm_two.py:6
api_key = os.getenv(
    "OPENAI_API_KEY"
)  # ANTHROPIC_API_KEY, COHERE_API_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #43b93bbd1f81e0fa PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/guides/demos/medical/health_privacy_swarm_two.py:291 · flow /tmp/closeopen-rw5qdvyn/repo/examples/guides/demos/medical/health_privacy_swarm_two.py:6 → /tmp/closeopen-rw5qdvyn/repo/examples/guides/demos/medical/health_privacy_swarm_two.py:291
print(output)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low egress test-only Excluded from app score #0068360e57fe409e Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/demos/news_aggregator_summarizer.py:18
        ids = httpx.get(
            "https://hacker-news.firebaseio.com/v0/topstories.json",
            timeout=10,
        ).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #2256f8b7b525a671 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/demos/news_aggregator_summarizer.py:27
            item = httpx.get(
                f"https://hacker-news.firebaseio.com/v0/item/{story_id}.json",
                timeout=10,
            ).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #93e73242f605bbe1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/demos/news_aggregator_summarizer.py:71
        res = httpx.get(url, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #e87490858fba7005 Filesystem access.
repo/examples/guides/demos/news_aggregator_summarizer.py:113
    with open("news_summaries.txt", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #395b949df1449d66 Environment-variable access.
repo/examples/guides/demos/privacy_building.py:6
api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #52be635d72b8e38b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/guides/demos/privacy_building.py:263 · flow /tmp/closeopen-rw5qdvyn/repo/examples/guides/demos/privacy_building.py:6 → /tmp/closeopen-rw5qdvyn/repo/examples/guides/demos/privacy_building.py:263
print(output)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #2c0395bbeb8c1b50 Filesystem access.
repo/examples/guides/demos/real_estate/morgtate_swarm.py:289
        with open(pdf_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9d169b801ba0d6e9 Filesystem access.
repo/examples/guides/demos/real_estate/morgtate_swarm.py:306
        with open(full_path, "w", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d177ed0c67a07135 Filesystem access.
repo/examples/guides/demos/real_estate/morgtate_swarm.py:459
            with open(json_path, "w", encoding="utf-8") as jf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #0c0980d293381081 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/demos/real_estate/real_estate_agent.py:130
            response = self.session.get(
                f"{self.base_url}/properties",
                params={
                    k: v for k, v in params.items() if v is not None
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #d46b352838d695b0 Environment-variable access.
repo/examples/guides/demos/real_estate/real_estate_agent.py:300
        openai_api_key=os.getenv("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #22581052f2360dbd Environment-variable access.
repo/examples/guides/demos/real_estate/real_estate_agent.py:301
        propertyradar_api_key=os.getenv("PROPERTYRADAR_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c68d00e11c6ccd18 Filesystem access.
repo/examples/guides/demos/real_estate/real_estate_agent.py:314
    with open("search_results.json", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #6600c9c4042d3590 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/demos/real_estate/realtor_agent.py:27
    conn = http.client.HTTPSConnection(
        "realtor-search.p.rapidapi.com"
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #c9fb67625e9f6e47 Environment-variable access.
repo/examples/guides/demos/real_estate/realtor_agent.py:32
        "x-rapidapi-key": os.getenv("RAPID_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #5a9fc9ea1a42fab9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/demos/real_estate/realtor_agent.py:42
    conn.request(
        "GET",
        endpoint,
        headers=headers,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #ee6b8c90e97e7718 Environment-variable access.
repo/examples/guides/demos/science/open_scientist.py:79
        "x-api-key": os.getenv("EXA_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #85d66b6871a9dd5f Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/demos/science/open_scientist.py:95
        response = requests.post(
            api_url, json=payload, headers=headers
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #0b5d2c3f93f5d949 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/guides/demos/science/open_scientist.py:95 · flow /tmp/closeopen-rw5qdvyn/repo/examples/guides/demos/science/open_scientist.py:79 → /tmp/closeopen-rw5qdvyn/repo/examples/guides/demos/science/open_scientist.py:95
        response = requests.post(
            api_url, json=payload, headers=headers
        )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low env_fs test-only Excluded from app score #61a262b3a96ac9ef Filesystem access.
repo/examples/guides/demos/science/open_scientist.py:110
        with open(filename, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cf6dd4ef6af33a02 Environment-variable access.
repo/examples/guides/demos/spike/agent_rearrange_test.py:31
api_key = os.getenv("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6a5db0b4e20e0ce5 Environment-variable access.
repo/examples/guides/demos/spike/function_caller_example.py:30
api_key = os.getenv("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a286712229028e79 Environment-variable access.
repo/examples/guides/demos/spike/test.py:31
api_key = os.getenv("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #76f8bc279c7f33cc Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/convert_json_to_csv.py:4
with open("profession_personas.progress.json", "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d6b2cabf386bc8ee Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/convert_json_to_csv.py:10
with open("data_personas_progress.csv", "w", newline="") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a27a91a71af8c925 Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/format_prompt.py:20
        with open(input_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #063ac83a8cc9807a Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/format_prompt.py:53
        with open(output_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #52a8ece92db53f91 Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/profession_persona_generator.py:372
                with open(
                    self.json_progress_file, "r", encoding="utf-8"
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #92dfc7839bdb898b Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/profession_persona_generator.py:422
                        with open(
                            self.json_progress_file,
                            "r",
                            encoding="utf-8",
                        ) as src:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ce2fd1b0d1cb16af Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/profession_persona_generator.py:427
                            with open(
                                backup_file, "w", encoding="utf-8"
                            ) as dst:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cc93bfdf35167f46 Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/profession_persona_generator.py:435
                with open(
                    self.json_progress_file, "w", encoding="utf-8"
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #feb874f2934e9f1a Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/profession_persona_generator.py:466
                    with open(
                        fallback_file, "w", encoding="utf-8"
                    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9facd0cf232687e1 Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/profession_persona_generator.py:602
                with open(
                    self.json_progress_file, "r", encoding="utf-8"
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4160ab126b73ef42 Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/profession_persona_generator.py:612
                with open(
                    self.json_progress_file, "w", encoding="utf-8"
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7fc52420629286fb Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/profession_persona_generator.py:949
            with open(
                self.json_progress_file, "r", encoding="utf-8"
            ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2595527ce57ec42c Filesystem access.
repo/examples/guides/demos/synthetic_data/profession_sim/profession_persona_generator.py:974
                with open(
                    self.json_progress_file, "r", encoding="utf-8"
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #2e9663a92b227c72 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/deployment/cron_job_examples/simple_concurrent_crypto_cron.py:32
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #20a577184228ce86 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/deployment/cron_job_examples/solana_price_tracker.py:36
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #5856fee9c690c4f4 Filesystem access.
repo/examples/guides/hackathon_judge_agent/hackathon_judger_agent.py:112
    with open(file_path, mode="r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #204604b97f564560 Environment-variable access.
repo/examples/guides/hackathons/hackathon_sep_27/api_client.py:7
client = SwarmsClient(api_key=os.getenv("SWARMS_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #31e0e05644b6022a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/guides/hackathons/hackathon_sep_27/api_client.py:9 · flow /tmp/closeopen-rw5qdvyn/repo/examples/guides/hackathons/hackathon_sep_27/api_client.py:7 → /tmp/closeopen-rw5qdvyn/repo/examples/guides/hackathons/hackathon_sep_27/api_client.py:9
print(client.health.check())

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #312733125227ac45 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/guides/hackathons/hackathon_sep_27/api_client.py:10 · flow /tmp/closeopen-rw5qdvyn/repo/examples/guides/hackathons/hackathon_sep_27/api_client.py:7 → /tmp/closeopen-rw5qdvyn/repo/examples/guides/hackathons/hackathon_sep_27/api_client.py:10
print(client.client.rate.get_limits())

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low egress test-only Excluded from app score #85ffd547bb286ca5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/hackathons/hackathon_sep_27/nutritional_content_analysis_swarm.py:77
    response = requests.post(url, headers=headers, json=swarm_config)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #8d051e4c54c2c4f5 Environment-variable access.
repo/examples/guides/hackathons/hackathon_sep_27/nutritional_content_analysis_swarm.py:83
api_key = os.getenv("SWARMS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #a7dc83c10454db3d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/guides/hackathons/hackathon_sep_27/nutritional_content_analysis_swarm.py:90 · flow /tmp/closeopen-rw5qdvyn/repo/examples/guides/hackathons/hackathon_sep_27/nutritional_content_analysis_swarm.py:83 → /tmp/closeopen-rw5qdvyn/repo/examples/guides/hackathons/hackathon_sep_27/nutritional_content_analysis_swarm.py:90
print(response.json())

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #1e9fb34aa7963fb9 Environment-variable access.
repo/examples/guides/mem0/mem0_and_swarms.py:12
MEM0_API_KEY = os.getenv("MEM0_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #069300a8ba29b992 Filesystem access.
repo/examples/guides/mem0/mem0_and_swarms.py:65
    with open(pdf_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c4bea5ea97515c70 Filesystem access.
repo/examples/guides/mem0/mem0_and_swarms.py:117
        with open(csv_path, newline="", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b4deccbc03070cd4 Environment-variable access.
repo/examples/guides/voice_agents/voice_agents_examples/google_calendar_agent.py:149
        access_token = os.getenv("GOOGLE_CALENDAR_ACCESS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #69646f3e17355225 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/voice_agents/voice_agents_examples/google_calendar_agent.py:193
            response = client.post(
                url,
                headers=headers,
                json=event_data,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #5e821d32f9a927ec Environment-variable access.
repo/examples/guides/voice_agents/voice_agents_examples/google_calendar_agent.py:247
        access_token = os.getenv("GOOGLE_CALENDAR_ACCESS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #bc40497628693a1c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/voice_agents/voice_agents_examples/google_calendar_agent.py:279
            response = client.get(
                url,
                headers=headers,
                params=params,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #008ee532c24077df Environment-variable access.
repo/examples/guides/voice_agents/voice_agents_examples/google_calendar_agent.py:316
        access_token = os.getenv("GOOGLE_CALENDAR_ACCESS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #07ac6564b358c770 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/guides/voice_agents/voice_agents_examples/google_calendar_agent.py:334
            response = client.get(
                url,
                headers=headers,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #fab5c7797d8fdb39 Environment-variable access.
repo/examples/guides/x402_examples/agent_integration/x402_agent_buying.py:39
    key = os.getenv("X402_PRIVATE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #f9b65fedba341f83 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/x402_examples/agent_integration/x402_agent_buying.py:47
        response = await client.get(endpoint)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #724a6af13a9b89f1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/guides/x402_examples/agent_integration/x402_agent_buying.py:48 · flow /tmp/closeopen-rw5qdvyn/repo/examples/guides/x402_examples/agent_integration/x402_agent_buying.py:39 → /tmp/closeopen-rw5qdvyn/repo/examples/guides/x402_examples/agent_integration/x402_agent_buying.py:48
        print(await response.aread())

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low egress test-only Excluded from app score #47312e5611baa549 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/guides/x402_examples/agent_integration/x402_discovery_query.py:54
        response = await client.get(url, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #efbed53bab27c2b4 Environment-variable access.
repo/examples/guides/x402_examples/memecoin_agent_x402.py:130
        pay_to_address=os.getenv(
            "WALLET_ADDRESS", "0xYourWalletAddress"
        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #74a86ad317d7fd2f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/mcp/servers/mcp_test.py:33
        response = requests.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #07d0c07c5617c0fc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/mcp/servers/mcp_test.py:83
        response = requests.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #93b1e6e3905ff586 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/mcp/servers/okx_crypto_server.py:40
        response = requests.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #2249b588bb2bf33c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/mcp/servers/okx_crypto_server.py:96
        response = requests.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #c0d5cd6e66086d56 Environment-variable access.
repo/examples/models/openai/5.4_openai.py:9
    api_key=os.getenv("SWARMS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #b61907d55a67c3ef PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/models/openai/5.4_openai.py:40 · flow /tmp/closeopen-rw5qdvyn/repo/examples/models/openai/5.4_openai.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/models/openai/5.4_openai.py:40
print(json.dumps(result, indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #273867398d60616b Environment-variable access.
repo/examples/multi_agent/asb/auto_swarm_router.py:10
api_key = os.getenv("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #757d29fff2975c6c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/multi_agent/asb/auto_swarm_router.py:120 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/asb/auto_swarm_router.py:10 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/asb/auto_swarm_router.py:120
    print(result)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #298d29a399909ab1 Filesystem access.
repo/examples/multi_agent/council/judges/council_judge_evaluation.py:106
                with open(self.results_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8b757d2c4e823723 Filesystem access.
repo/examples/multi_agent/council/judges/council_judge_evaluation.py:125
        with open(self.results_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2f7afd24fb06e4b6 Filesystem access.
repo/examples/multi_agent/graphworkflow_examples/graph_workflow_serialization.py:75
with open(spec_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3502b4f28a57e5d8 Filesystem access.
repo/examples/multi_agent/graphworkflow_examples/graph_workflow_serialization.py:91
with open(spec_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8cd206b7a1664f4e Environment-variable access.
repo/examples/multi_agent/groupchat/groupchat_examples/groupchat_example.py:14
    os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #68ed283b10f2ed7a Environment-variable access.
repo/examples/multi_agent/hscf_examples/simple_hscf.py:8
api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e573a20130d297ad Environment-variable access.
repo/examples/multi_agent/mar/model_router_example.py:7
model_router = ModelRouter(api_key=os.getenv("OPENAI_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6b11f0a913cc3e6a Filesystem access.
repo/examples/multi_agent/paper_implementations/long_agent.py:59
        with open(file_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1fafc12ccc8aef36 Filesystem access.
repo/examples/multi_agent/paper_implementations/long_agent.py:84
        with open(file_path, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #169dc57a234952e5 Filesystem access.
repo/examples/multi_agent/planner_generator_evaluator/pge_with_tools_example.py:31
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5e07f8301c9bb7d3 Filesystem access.
repo/examples/multi_agent/planner_generator_evaluator/pge_with_tools_example.py:48
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d6f138b0e039eccd Environment-variable access.
repo/examples/multi_agent/sequential_workflow/sequential_workflow.py:9
api_key = os.getenv("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #339b66e27dbddf59 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/multi_agent/sequential_workflow/sequential_workflow.py:143 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/sequential_workflow/sequential_workflow.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/sequential_workflow/sequential_workflow.py:143
    print(result)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #cc09b13d5879f9a8 Filesystem access.
repo/examples/multi_agent/simulations/agent_map/agent_map_simulation.py:1230
            with open(filename, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dc6e4d3950903447 Filesystem access.
repo/examples/multi_agent/simulations/euroswarm_parliament/wikipedia_personality_scraper.py:124
            with open(xml_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #40089f4133deb9d8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/multi_agent/simulations/euroswarm_parliament/wikipedia_personality_scraper.py:185
            response = self.session.get(
                search_url, params=search_params
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #c7e8f4dce7fa268e Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/multi_agent/simulations/euroswarm_parliament/wikipedia_personality_scraper.py:199
            response = self.session.get(
                search_url, params=search_params
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #01f52fdc2476552e Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/multi_agent/simulations/euroswarm_parliament/wikipedia_personality_scraper.py:244
            response = self.session.get(
                content_url, params=content_params
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #879e0eecd5cc137c Filesystem access.
repo/examples/multi_agent/simulations/euroswarm_parliament/wikipedia_personality_scraper.py:529
        with open(filepath, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #874379143f5c07b0 Filesystem access.
repo/examples/multi_agent/simulations/euroswarm_parliament/wikipedia_personality_scraper.py:598
        with open(filepath, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #268caa5fe7139464 Filesystem access.
repo/examples/multi_agent/spreadsheet_examples/spreadsheet_swarm_usage.py:68
    with open("agents.csv", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #316d84bb61dfe65c Filesystem access.
repo/examples/multi_agent/spreadsheet_examples/spreadsheet_swarm_usage.py:115
    with open("research_agents.csv", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e6b603d01eb2713e Environment-variable access.
repo/examples/multi_agent/swarm_rearrange_examples/swarm_rearrange_demo.py:10
api_key = os.getenv("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #1174cda20c2884f0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/multi_agent/swarm_rearrange_examples/swarm_rearrange_demo.py:215 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarm_rearrange_examples/swarm_rearrange_demo.py:10 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarm_rearrange_examples/swarm_rearrange_demo.py:215
print(
    swarm_arrange.run(
        "Analyze NVIDIA's performance, market trends, and potential for growth in the AI industry"
    )
)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #ec31562578d37214 Filesystem access.
repo/examples/multi_agent/swarm_router/swarm_router_test.py:68
with open("output.json", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b1f0cacfd4a70282 Environment-variable access.
repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:11
API_KEY = os.getenv("SWARMS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #a1f4d0ad5049f9e5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:22
    response = requests.get(f"{BASE_URL}/health", headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #d4c78ee58fa31972 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:22 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:11 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:22
    response = requests.get(f"{BASE_URL}/health", headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low egress test-only Excluded from app score #a7761e5b77db810c Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:74
    response = requests.post(
        f"{BASE_URL}/v1/swarm/completions",
        headers=headers,
        json=payload,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #615bc12a2f571ca3 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:74 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:11 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:74
    response = requests.post(
        f"{BASE_URL}/v1/swarm/completions",
        headers=headers,
        json=payload,
    )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #f2d14cab6a6894a6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:81 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:11 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:81
    print(response.json())

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #41a1315fc63c2f91 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:82 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:11 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/hedge_fund_swarm.py:82
    print(response.status_code)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #94c35ff90cd22e5c Environment-variable access.
repo/examples/multi_agent/swarms_api_examples/medical_swarm.py:9
API_KEY = os.getenv("SWARMS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #168ba75e2451b219 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/multi_agent/swarms_api_examples/medical_swarm.py:84
    response = requests.post(
        f"{BASE_URL}/v1/swarm/completions",
        headers=headers,
        json=payload,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #f055b9b7eaa65be3 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/medical_swarm.py:84 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/medical_swarm.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/medical_swarm.py:84
    response = requests.post(
        f"{BASE_URL}/v1/swarm/completions",
        headers=headers,
        json=payload,
    )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #2fa9cb9acd635211 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/medical_swarm.py:94 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/medical_swarm.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/medical_swarm.py:94
        print(f"Error {response.status_code}: {response.text}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #92e0d961f283e0dc Environment-variable access.
repo/examples/multi_agent/swarms_api_examples/swarms_api_client.py:48
    api_key=os.getenv("SWARMS_API_KEY"), format_type="json"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #e69511d911ac191e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/swarms_api_client.py:53 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/swarms_api_client.py:48 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/swarms_api_client.py:53
print(json.dumps(response, indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #a1a11a9e20d09527 Environment-variable access.
repo/examples/multi_agent/swarms_api_examples/swarms_api_example.py:9
API_KEY = os.getenv("SWARMS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #7ffcc72b431fe5fa Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/multi_agent/swarms_api_examples/swarms_api_example.py:87
    response = requests.post(
        f"{BASE_URL}/swarm/completion",
        headers=headers,
        json=payload,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #3e1f736efe06c740 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/swarms_api_example.py:87 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/swarms_api_example.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/swarms_api_example.py:87
    response = requests.post(
        f"{BASE_URL}/swarm/completion",
        headers=headers,
        json=payload,
    )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #f20d8a0fbced48e0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/swarms_api_example.py:97 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/swarms_api_example.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/swarms_api_example.py:97
        print(f"Error {response.status_code}: {response.text}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #9e769f868e9b67c3 Environment-variable access.
repo/examples/multi_agent/swarms_api_examples/tools_examples.py:9
API_KEY = os.getenv("SWARMS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #53b2cc7d92cbc7d6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/multi_agent/swarms_api_examples/tools_examples.py:119
    response = requests.post(
        f"{BASE_URL}/v1/swarm/completions",
        headers=headers,
        json=payload,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #2098dca809644384 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/tools_examples.py:119 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/tools_examples.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/tools_examples.py:119
    response = requests.post(
        f"{BASE_URL}/v1/swarm/completions",
        headers=headers,
        json=payload,
    )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #7a67cd383302d479 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/multi_agent/swarms_api_examples/tools_examples.py:129 · flow /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/tools_examples.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/multi_agent/swarms_api_examples/tools_examples.py:129
        print(f"Error {response.status_code}: {response.text}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #629a2d033cf8e4eb Environment-variable access.
repo/examples/multi_agent/utils/agent_communication_examples.py:17
os.environ["OPENAI_API_KEY"] = "your-openai-api-key"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #266606268ac3a6a8 Environment-variable access.
repo/examples/single_agent/capabilities/autonomy/autonomous_agents/autonomous_agent.py:51
    api_key = os.getenv("EXA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #6723c05b97cdfdee Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/autonomy/autonomous_agents/autonomous_agent.py:89
        response = httpx.post(
            "https://api.exa.ai/search",
            json=payload,
            headers=headers,
            timeout=30,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #dba7812131cf3097 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/single_agent/capabilities/autonomy/autonomous_agents/autonomous_agent.py:89 · flow /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/capabilities/autonomy/autonomous_agents/autonomous_agent.py:51 → /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/capabilities/autonomy/autonomous_agents/autonomous_agent.py:89
        response = httpx.post(
            "https://api.exa.ai/search",
            json=payload,
            headers=headers,
            timeout=30,
        )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low env_fs test-only Excluded from app score #b3c3ead9d9f57daa Environment-variable access.
repo/examples/single_agent/capabilities/autonomy/autonomous_agents/marketplace_and_auto_agent.py:50
    api_key = os.getenv("EXA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #b4ffe64edb2c5f9c Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/autonomy/autonomous_agents/marketplace_and_auto_agent.py:88
        response = httpx.post(
            "https://api.exa.ai/search",
            json=payload,
            headers=headers,
            timeout=30,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #eb108584bb9fb36a A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/single_agent/capabilities/autonomy/autonomous_agents/marketplace_and_auto_agent.py:88 · flow /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/capabilities/autonomy/autonomous_agents/marketplace_and_auto_agent.py:50 → /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/capabilities/autonomy/autonomous_agents/marketplace_and_auto_agent.py:88
        response = httpx.post(
            "https://api.exa.ai/search",
            json=payload,
            headers=headers,
            timeout=30,
        )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low env_fs test-only Excluded from app score #7a8aaec0a0bcd00f Environment-variable access.
repo/examples/single_agent/capabilities/autonomy/handoffs/autonomous_agent_with_handoffs_example.py:63
    api_key = os.getenv("EXA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #40fd8485eaf11f76 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/autonomy/handoffs/autonomous_agent_with_handoffs_example.py:103
        response = httpx.post(
            "https://api.exa.ai/search",
            json=payload,
            headers=headers,
            timeout=30,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #12dcd9ef87a5057c A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/single_agent/capabilities/autonomy/handoffs/autonomous_agent_with_handoffs_example.py:103 · flow /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/capabilities/autonomy/handoffs/autonomous_agent_with_handoffs_example.py:63 → /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/capabilities/autonomy/handoffs/autonomous_agent_with_handoffs_example.py:103
        response = httpx.post(
            "https://api.exa.ai/search",
            json=payload,
            headers=headers,
            timeout=30,
        )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low env_fs test-only Excluded from app score #c04e969bfa3e149c Environment-variable access.
repo/examples/single_agent/capabilities/rag/full_agent_rag_example.py:15
api_key = os.getenv("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8b401d788830f7fd Environment-variable access.
repo/examples/single_agent/capabilities/rag/pinecone_example.py:13
    api_key=os.getenv("PINECONE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #21786b653b0ab52b Environment-variable access.
repo/examples/single_agent/capabilities/rag/pinecone_example.py:14
    environment=os.getenv("PINECONE_ENVIRONMENT"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #379b8e2f16e26602 Environment-variable access.
repo/examples/single_agent/capabilities/rag/qdrant_agent.py:167
    url=os.getenv("QDRANT_URL"),  # Optional: For cloud deployment

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3d0c606c1d3169fa Environment-variable access.
repo/examples/single_agent/capabilities/rag/qdrant_agent.py:168
    api_key=os.getenv(
        "QDRANT_API_KEY"
    ),  # Optional: For cloud deployment

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c3b3fa78f0939c91 Environment-variable access.
repo/examples/single_agent/capabilities/rag/qdrant_rag_example.py:17
    url=os.getenv("QDRANT_URL", "https://your-cluster.qdrant.io"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2f58301182afb913 Environment-variable access.
repo/examples/single_agent/capabilities/rag/qdrant_rag_example.py:18
    api_key=os.getenv("QDRANT_API_KEY", "your-api-key"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #056bab533ee901cb Filesystem access.
repo/examples/single_agent/capabilities/rag/simple_example.py:100
        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #aad423577cc3d190 Filesystem access.
repo/examples/single_agent/capabilities/skills/agent_with_custom_skill.py:52
with open("./my_custom_skills/customer-support/SKILL.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d63e0004040e3cb6 Environment-variable access.
repo/examples/single_agent/capabilities/tools/agent_with_exa.py:47
    api_key = os.getenv("EXA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #db4dac0d1fe22ca2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/tools/agent_with_exa.py:93
        response = httpx.post(
            "https://api.exa.ai/search",
            json=payload,
            headers=headers,
            timeout=30,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #d1a7d2965fedba02 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/single_agent/capabilities/tools/agent_with_exa.py:93 · flow /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/capabilities/tools/agent_with_exa.py:47 → /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/capabilities/tools/agent_with_exa.py:93
        response = httpx.post(
            "https://api.exa.ai/search",
            json=payload,
            headers=headers,
            timeout=30,
        )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low egress test-only Excluded from app score #0f6c5becd0ed2870 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/tools/litellm_tool_example.py:21
    response = requests.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #e3423a734fe37198 Environment-variable access.
repo/examples/single_agent/capabilities/tools/multi_tool_usage_agent.py:419
    openai_api_key=os.getenv("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #671021725f73a565 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/tools/new_tools_examples.py:36
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #285619b7fdcf70a0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/tools/new_tools_examples.py:86
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #8db07cf509fc22f4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/tools/new_tools_examples.py:147
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #61f7b40fc282482e Environment-variable access.
repo/examples/single_agent/capabilities/tools/omni_modal_agent.py:11
api_token = os.getenv("REPLICATE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #06a49241ba6c2ce3 Environment-variable access.
repo/examples/single_agent/capabilities/tools/omni_modal_agent.py:50
    api_token = os.getenv("REPLICATE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #109d930a0dd1b9f7 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/single_agent/capabilities/tools/omni_modal_agent.py:83 · flow /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/capabilities/tools/omni_modal_agent.py:50 → /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/capabilities/tools/omni_modal_agent.py:83
    response = requests.post(url, headers=headers, json=data)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low egress test-only Excluded from app score #f0a85099f4ca85b5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/tools/solana_tool/solana_tool.py:83
            response = session.post(endpoint, json=payload, timeout=5)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #3fa2a7be0cc215c5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/tools/solana_tool/solana_tool.py:151
                response = session.post(
                    api_endpoint, json=payload, timeout=10
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #93cbd7e7a043b0e7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/tools/solana_tool/solana_tool.py:215
                response = session.post(
                    api_endpoint, json=tx_payload, timeout=10
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #25be4390f91a29d1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/single_agent/capabilities/tools/solana_tool/solana_tool_test.py:98
            response = requests.post(
                endpoint,
                json=payload,
                timeout=10,
                headers={"Content-Type": "application/json"},
                verify=True,  # Ensure SSL verification
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #f8b74b3443e07500 Environment-variable access.
repo/examples/single_agent/demos/persistent_legal_agent.py:22
    api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f300446a472c67aa Environment-variable access.
repo/examples/single_agent/demos/persistent_legal_agent.py:26
    api_key = os.getenv("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #88a5915570454445 Filesystem access.
repo/examples/single_agent/demos/persistent_legal_agent.py:112
    with open("generated_term_sheet_draft.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e7d01fe8c713f525 Environment-variable access.
repo/examples/single_agent/getting_started/onboarding/onboard-basic.py:18
api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #c8670efd29884206 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/single_agent/getting_started/onboarding/onboard-basic.py:25 · flow /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/getting_started/onboarding/onboard-basic.py:18 → /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/getting_started/onboarding/onboard-basic.py:25
print(model)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #0fe005873985e151 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/single_agent/getting_started/onboarding/onboard-basic.py:33 · flow /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/getting_started/onboarding/onboard-basic.py:18 → /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/getting_started/onboarding/onboard-basic.py:33
    print(task_results)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #560f1b072a2ae896 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/single_agent/getting_started/onboarding/onboard-basic.py:34 · flow /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/getting_started/onboarding/onboard-basic.py:18 → /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/getting_started/onboarding/onboard-basic.py:34
    logger.info(f"Results from agents: {task_results}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #2950a6ff4545c27b Environment-variable access.
repo/examples/single_agent/reasoning/reasoning_duo.py:12
    openai_api_key=os.getenv("TOGETHER_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d2a86d5de2ab0420 Filesystem access.
repo/examples/single_agent/utils/autosaving_examples/autosave_basic_example.py:37
    with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #77abfb588bae0d84 Filesystem access.
repo/examples/single_agent/utils/autosaving_examples/autosave_config_access_example.py:32
    with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #95e4dbba6a7442a6 Filesystem access.
repo/examples/single_agent/utils/autosaving_examples/autosave_recovery_example.py:43
    with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e8385d8b15bfebf9 Environment-variable access.
repo/examples/single_agent/utils/custom_agent_base_url.py:19
    llm_api_key=os.getenv(
        "OPENROUTER_API_KEY"
    ),  # Use the correct Grok API key environment variable

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #929e3bcc41d79e48 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/single_agent/utils/custom_agent_base_url.py:29 · flow /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/utils/custom_agent_base_url.py:19 → /tmp/closeopen-rw5qdvyn/repo/examples/single_agent/utils/custom_agent_base_url.py:29
print(out)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #ad5520a38b9000af Filesystem access.
repo/examples/tools/agent_as_tools.py:38
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8f43f8bd16b713b2 Filesystem access.
repo/examples/tools/agent_as_tools.py:139
    with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #37f5ee050d06dc65 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/agent_as_tools.py:326
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #442be0633009ae8f Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/base_tool_examples/conver_funcs_to_schema.py:38
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #74bbbd71b80a949a Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/base_tool_examples/conver_funcs_to_schema.py:88
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #d08e969b29828870 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/base_tool_examples/conver_funcs_to_schema.py:149
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #78c3735995602245 Filesystem access.
repo/examples/tools/base_tool_examples/test_base_tool_comprehensive.py:773
    with open("base_tool_test_report.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4ce19c89c0eee2da Filesystem access.
repo/examples/tools/base_tool_examples/test_base_tool_comprehensive_fixed.py:894
    with open("base_tool_test_report_fixed.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #1b0d18ab0d1642b5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/many_tool_use_demo.py:38
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #7cd5a5d8a1cbb7f4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/many_tool_use_demo.py:88
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #8435f975742dfac7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/many_tool_use_demo.py:149
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #39f7f65b5d439ddf Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/many_tool_use_demo.py:205
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #91cc9961e8135468 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/many_tool_use_demo.py:236
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #440313105dda5ef2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/many_tool_use_demo.py:275
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #c9c0cac3e31de271 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/many_tool_use_demo.py:301
        response = requests.get(url, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #b659b98b77e4ba20 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/many_tool_use_demo.py:327
        response = requests.get(url, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #b3672d8b3e1e01cf Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/many_tool_use_demo.py:353
        response = requests.get(url, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #bfe368a8523c34b3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/many_tool_use_demo.py:392
            response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #87326d924c8cc5fd Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/multi_tool_anthropic.py:36
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #60b0bc0eafac5e7c Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/multi_tool_anthropic.py:86
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #520a455f286e55c1 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/multi_tool_use/multi_tool_anthropic.py:147
        response = requests.get(url, params=params, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #d016163467bb0d2a Environment-variable access.
repo/examples/tools/social_media/social_media_tools.py:64
    value = os.getenv(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #dc9e0f3705316f8f Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/social_media/social_media_tools.py:167
        response = requests.post(
            "https://api.linkedin.com/v2/ugcPosts",
            headers={
                "Authorization": f"Bearer {token}",
                "X-Restli-Protocol-Version": "2.0.0",
                "Content-Type": "application/json",
            },
            json=body,
            timeout=15,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #e1245eea880a0a70 Environment-variable access.
repo/examples/tools/social_media/social_media_tools.py:236
                "categoryId": os.getenv("YOUTUBE_CATEGORY_ID", "22"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1c670c65071c61b7 Environment-variable access.
repo/examples/tools/social_media/social_media_tools.py:239
                "privacyStatus": os.getenv(
                    "YOUTUBE_PRIVACY", "public"
                ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #5f05d7214b918719 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/tools/social_media/social_media_tools.py:284
        response = requests.post(
            f"https://api.telegram.org/bot{token}/sendMessage",
            json={
                "chat_id": chat_id,
                "text": content,
                "parse_mode": "Markdown",
                "disable_web_page_preview": False,
            },
            timeout=15,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #1430cae5e8e7327a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/tools/social_media/social_media_tools.py:322
        response = requests.post(
            webhook_url,
            json={"content": content},
            params={"wait": "true"},
            timeout=15,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #460de61b3bd46be5 Environment-variable access.
repo/examples/tools/social_media/social_media_tools.py:355
        title = os.getenv("DEVTO_TITLE") or _first_line(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #e31cb325385e9a6f Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/tools/social_media/social_media_tools.py:356
        response = requests.post(
            "https://dev.to/api/articles",
            headers={
                "api-key": api_key,
                "Content-Type": "application/json",
            },
            json={
                "article": {
                    "title": title,
                    "body_markdown": content,
                    "published": True,
                }
            },
            timeout=20,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #a5dc597d24cc9ec3 Environment-variable access.
repo/examples/tools/stagehand/1_stagehand_wrapper_agent.py:74
            or os.getenv("BROWSERBASE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0262a13313c406b4 Environment-variable access.
repo/examples/tools/stagehand/1_stagehand_wrapper_agent.py:76
            or os.getenv("BROWSERBASE_PROJECT_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0d65d9539a75d9bd Environment-variable access.
repo/examples/tools/stagehand/1_stagehand_wrapper_agent.py:79
            or os.getenv("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #60e9bde48d8d1fa6 Environment-variable access.
repo/examples/tools/stagehand/2_stagehand_tools_agent.py:51
                api_key=api_key or os.getenv("BROWSERBASE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bbb44cd461830a7c Environment-variable access.
repo/examples/tools/stagehand/2_stagehand_tools_agent.py:53
                or os.getenv("BROWSERBASE_PROJECT_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9d69ea487fd8d177 Environment-variable access.
repo/examples/tools/stagehand/2_stagehand_tools_agent.py:56
                or os.getenv("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #25814e332cdbb697 Environment-variable access.
repo/examples/utils/swarms_api/agent_overview.py:9
    api_key=os.getenv("SWARMS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #485d809c645b972e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/agent_overview.py:36 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/agent_overview.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/agent_overview.py:36
print(json.dumps(result, indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #f343d3495119a475 Environment-variable access.
repo/examples/utils/swarms_api/batch_example.py:9
    api_key=os.getenv("SWARMS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #a506e33ed81a300e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/batch_example.py:50 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/batch_example.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/batch_example.py:50
print(json.dumps(result, indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #b3ec5ab7d410fda6 Environment-variable access.
repo/examples/utils/swarms_api/client_example.py:8
client = SwarmsClient(api_key=os.getenv("SWARMS_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #88a90cdb5b901ba2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/client_example.py:10 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/client_example.py:8 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/client_example.py:10
print(json.dumps(client.models.list_available(), indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #7a2b9b3f06d2ec65 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/client_example.py:11 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/client_example.py:8 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/client_example.py:11
print(json.dumps(client.health.check(), indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #ce092c022062e151 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/client_example.py:12 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/client_example.py:8 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/client_example.py:12
print(json.dumps(client.swarms.get_logs(), indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #4a79fa3cdeba4b18 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/client_example.py:13 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/client_example.py:8 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/client_example.py:13
print(json.dumps(client.client.rate.get_limits(), indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #ac7981acf4c9cb58 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/client_example.py:14 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/client_example.py:8 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/client_example.py:14
print(json.dumps(client.swarms.check_available(), indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #4c71ab2595722dfd Environment-variable access.
repo/examples/utils/swarms_api/hospital_team.py:9
    api_key=os.getenv("SWARMS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #124378abf87a9e2c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/hospital_team.py:105 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/hospital_team.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/hospital_team.py:105
    print(json.dumps(out, indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #5c67b1ffe2462c99 Environment-variable access.
repo/examples/utils/swarms_api/icd_ten_analysis.py:9
    api_key=os.getenv("SWARMS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #912e6004c4a65c9a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/icd_ten_analysis.py:63 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/icd_ten_analysis.py:9 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/icd_ten_analysis.py:63
print(json.dumps(out, indent=4))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #7add0f9bf1ecfdd3 Environment-variable access.
repo/examples/utils/swarms_api/legal_team.py:10
API_KEY = os.getenv("SWARMS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #50e44e29b31c38f3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/utils/swarms_api/legal_team.py:24
    response = requests.post(
        f"{BASE_URL}/v1/swarm/completions",
        headers=HEADERS,
        json=swarm_config,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #71d5edf8844c7783 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/examples/utils/swarms_api/legal_team.py:24 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/legal_team.py:10 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/legal_team.py:24
    response = requests.post(
        f"{BASE_URL}/v1/swarm/completions",
        headers=HEADERS,
        json=swarm_config,
    )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low env_fs test-only Excluded from app score #f5ac409a8862327a Environment-variable access.
repo/examples/utils/swarms_api/rate_limits.py:7
client = SwarmsClient(api_key=os.getenv("SWARMS_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #ac46afa401da61dd PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/rate_limits.py:10 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/rate_limits.py:7 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/rate_limits.py:10
print(response)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #2ae797f4549b1b7e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/utils/swarms_api/rate_limits.py:12 · flow /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/rate_limits.py:7 → /tmp/closeopen-rw5qdvyn/repo/examples/utils/swarms_api/rate_limits.py:12
print(client.health.check())

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low egress test-only Excluded from app score #813116f299424ba2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/scripts/examples.py:15
    response = requests.get(api_url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #1d5cf1f2f8d48bd3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/github_commits.py:142
        resp = requests.get(
            api_url, headers=headers, params=params, timeout=30
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #42e88effd8ca77d4 Filesystem access.
repo/scripts/llm_txt.py:39
        with open(output_path, "w", encoding="utf-8") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #22ba794548afa781 Filesystem access.
repo/scripts/llm_txt.py:44
                    with open(
                        md_file, "r", encoding="utf-8"
                    ) as infile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74992bb664f8765e Filesystem access.
repo/swarms/agents/auto_generate_swarm_config.py:372
    with open(output_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #651160625ed59f4b Filesystem access.
repo/swarms/agents/create_agents_from_yaml.py:101
            with open(yaml_file, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bfb514e751daf14 Filesystem access.
repo/swarms/artifacts/main_artifact.py:154
        with open(self.file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b6e06196856bb86 Filesystem access.
repo/swarms/artifacts/main_artifact.py:161
        with open(self.file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa78bf8479546310 Filesystem access.
repo/swarms/artifacts/main_artifact.py:197
        with open(file_path, "w") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca25570ef7f0b2b9 Filesystem access.
repo/swarms/artifacts/main_artifact.py:211
        with open(file_path, "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4fc466158a86f57 Environment-variable access.
repo/swarms/cli/main.py:1878
        existing = os.environ.get(env_var, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d38d745701b3a3e Filesystem access.
repo/swarms/cli/main.py:1966
    env_path.write_text("\n".join(env_lines) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c06fe6ceb8764a8a Environment-variable access.
repo/swarms/cli/main.py:1989
        if collected_keys.get(v) or os.environ.get(v)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dce070ca17daaa4f Environment-variable access.
repo/swarms/cli/utils.py:51
    if os.getenv("OPENAI_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1ae136281c46032 Environment-variable access.
repo/swarms/cli/utils.py:53
    if os.getenv("ANTHROPIC_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64a9bd00bc8f8883 Environment-variable access.
repo/swarms/cli/utils.py:55
    if os.getenv("GROQ_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5ce597a73fd850c Environment-variable access.
repo/swarms/cli/utils.py:57
    if os.getenv("GOOGLE_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c2611ce5013a1b2 Environment-variable access.
repo/swarms/cli/utils.py:59
    if os.getenv("COHERE_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #561f22146684fb26 Environment-variable access.
repo/swarms/cli/utils.py:61
    if os.getenv("MISTRAL_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eaed28eb23c5ff5b Environment-variable access.
repo/swarms/cli/utils.py:63
    if os.getenv("TOGETHER_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb65ab38771f3920 Filesystem access.
repo/swarms/cli/utils.py:193
            content = env_path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5782402474f4d29 Environment-variable access.
repo/swarms/cli/utils.py:277
        "OPENAI_API_KEY": os.getenv("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfb637e37f8e8357 Environment-variable access.
repo/swarms/cli/utils.py:278
        "ANTHROPIC_API_KEY": os.getenv("ANTHROPIC_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a171e071fa01b85f Environment-variable access.
repo/swarms/cli/utils.py:279
        "GOOGLE_API_KEY": os.getenv("GOOGLE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f880a6bfb04a8a5c Environment-variable access.
repo/swarms/cli/utils.py:280
        "COHERE_API_KEY": os.getenv("COHERE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8761ec31ef3d52d4 Filesystem access.
repo/swarms/cli/utils.py:512
        with open(cache_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9342cebf7893ab3 Filesystem access.
repo/swarms/cli/utils.py:522
        with open(cache_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fe9f0c6e8bb23ee Filesystem access.
repo/swarms/prompts/prompt.py:253
        with open(file_path, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c49cd4d8de1023f Filesystem access.
repo/swarms/structs/agent.py:1996
            with open(temp_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29038fedba3b4690 Filesystem access.
repo/swarms/structs/agent.py:3695
            with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f5a0cceff4b527c Filesystem access.
repo/swarms/structs/agent.py:4604
                with open(skill_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dd1071b3af5f1e6 Filesystem access.
repo/swarms/structs/agent.py:4698
                    with open(
                        skill["path"], "r", encoding="utf-8"
                    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de01b9ebe551bea3 Filesystem access.
repo/swarms/structs/agent_loader.py:331
        with open(self.file_path, "w", newline="") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7476da493392bf30 Filesystem access.
repo/swarms/structs/agent_loader.py:338
        with open(self.file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4100e28743d82ef2 Filesystem access.
repo/swarms/structs/agent_loader.py:343
        with open(self.file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7041aeea044eb92f Filesystem access.
repo/swarms/structs/agent_loader.py:348
        with open(self.file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #675abe0d17bb050f Filesystem access.
repo/swarms/structs/agent_loader.py:354
        with open(self.file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #754945e890b72270 Filesystem access.
repo/swarms/structs/agent_loader.py:359
        with open(self.file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0fb5d5f6305668c Filesystem access.
repo/swarms/structs/autonomous_loop_utils.py:674
        with open(full_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca269baf5b83bc3c Filesystem access.
repo/swarms/structs/autonomous_loop_utils.py:731
            with open(full_path, "a", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c7eb07361373a7d Filesystem access.
repo/swarms/structs/autonomous_loop_utils.py:735
            with open(full_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1eed9f080a5eddaa Filesystem access.
repo/swarms/structs/autonomous_loop_utils.py:784
        with open(full_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #340060d135e8d878 Filesystem access.
repo/swarms/structs/base_structure.py:100
        with open(file_path, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #966b1c67ecd04ff9 Filesystem access.
repo/swarms/structs/base_structure.py:112
        with open(file_path) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9542d22e47d9dd8 Filesystem access.
repo/swarms/structs/base_structure.py:147
        with open(file_path, "a") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb4ddc0eb45c9be7 Filesystem access.
repo/swarms/structs/base_structure.py:200
        with open(file, "a") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21916c1e87d71b0e Filesystem access.
repo/swarms/structs/base_swarm.py:606
            with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d024ad20011f9aa Filesystem access.
repo/swarms/structs/base_swarm.py:622
            with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43bb97d42d72ad03 Filesystem access.
repo/swarms/structs/base_swarm.py:638
            with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #989bd79fc8acbd28 Filesystem access.
repo/swarms/structs/base_swarm.py:654
            with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc7ed8f10c6be45e Environment-variable access.
repo/swarms/structs/concurrent_workflow.py:646
            if not os.getenv("WORKSPACE_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c26df5ce002d3fe5 Environment-variable access.
repo/swarms/structs/concurrent_workflow.py:650
                os.environ["WORKSPACE_DIR"] = default_workspace

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90afa24287936edb Filesystem access.
repo/swarms/structs/concurrent_workflow.py:706
                with open(
                    conversation_path, "w", encoding="utf-8"
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2bc03607ca2fe28 Filesystem access.
repo/swarms/structs/conversation.py:225
            with open(conversation_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ce5fb49da8702b3 Filesystem access.
repo/swarms/structs/conversation.py:271
                with open(
                    self.memory_md_path, "w", encoding="utf-8"
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c1b1cd9c6edca5d Filesystem access.
repo/swarms/structs/conversation.py:287
            with open(
                self.memory_md_path, "r", encoding="utf-8"
            ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56e186803346c166 Filesystem access.
repo/swarms/structs/conversation.py:386
            with open(
                self.memory_md_path, "r", encoding="utf-8"
            ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d12296ce7d4f41f Filesystem access.
repo/swarms/structs/conversation.py:409
            with open(archive_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3347d4ba1053193 Filesystem access.
repo/swarms/structs/conversation.py:439
                with open(
                    self.memory_md_path, "a", encoding="utf-8"
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cdbf3385fb3ff58 Filesystem access.
repo/swarms/structs/conversation.py:688
            with open(filename, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20f12490ef19c46f Filesystem access.
repo/swarms/structs/conversation.py:840
            with open(self.save_filepath, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7662270e605e16a9 Filesystem access.
repo/swarms/structs/conversation.py:877
            with open(self.save_filepath, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52e9cc0e6d292d7e Filesystem access.
repo/swarms/structs/conversation.py:944
                with open(filename, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0053eb823e14ee6a Filesystem access.
repo/swarms/structs/conversation.py:977
                with open(filename, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e76aab521ed1d2f8 Filesystem access.
repo/swarms/structs/conversation.py:1413
                    with open(filepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adf182fb6954c6b3 Filesystem access.
repo/swarms/structs/dynamic_skills_loader.py:61
                with open(skill_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c160dd89b37e690 Filesystem access.
repo/swarms/structs/graph_workflow.py:1907
                                    checkpoint_path.read_text(
                                        encoding="utf-8"
                                    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cb6b2a5509db36e Filesystem access.
repo/swarms/structs/graph_workflow.py:2173
                            checkpoint_path.write_text(
                                json.dumps(
                                    layer_outputs,
                                    indent=2,
                                    default=str,
                                ),
                                encoding="utf-8",
                            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #094d92fd23702943 Filesystem access.
repo/swarms/structs/graph_workflow.py:2767
        with open(path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d3570b778bca80a Filesystem access.
repo/swarms/structs/graph_workflow.py:3360
            with open(filepath, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38c875e03c538032 Filesystem access.
repo/swarms/structs/graph_workflow.py:3404
            with open(filepath, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0368ef4f9bcd4540 Environment-variable access.
repo/swarms/structs/hiearchical_swarm.py:381
            if not os.getenv("WORKSPACE_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecf1b0bee9ebe149 Environment-variable access.
repo/swarms/structs/hiearchical_swarm.py:385
                os.environ["WORKSPACE_DIR"] = default_workspace

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72240e4e0eec43bb Filesystem access.
repo/swarms/structs/hiearchical_swarm.py:440
                with open(
                    conversation_path, "w", encoding="utf-8"
                ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a618ac8b1821d3f1 Filesystem access.
repo/swarms/structs/planner_generator_evaluator.py:335
            with open(self.shared_state_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #060a346c9f182aba Filesystem access.
repo/swarms/structs/planner_generator_evaluator.py:351
        with open(self.shared_state_path, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0f38a1cc87e26da Filesystem access.
repo/swarms/structs/planner_generator_evaluator.py:368
        with open(self.shared_state_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5c08a435c957359 Filesystem access.
repo/swarms/structs/safe_loading.py:185
            with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4391637395a5be83 Filesystem access.
repo/swarms/structs/safe_loading.py:214
            with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f25937f8ba17d6de Environment-variable access.
repo/swarms/structs/sequential_workflow.py:520
            if not os.getenv("WORKSPACE_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7df1bec967f328b6 Environment-variable access.
repo/swarms/structs/sequential_workflow.py:524
                os.environ["WORKSPACE_DIR"] = default_workspace

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57ec475abba3e9f6 Filesystem access.
repo/swarms/structs/sequential_workflow.py:593
            with open(conversation_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84f50297eb389135 Filesystem access.
repo/swarms/structs/skill_orchestra.py:753
            with open(conv_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66d95157f50b4836 Filesystem access.
repo/swarms/structs/skill_orchestra.py:765
            with open(handbook_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13502cf1488db868 Filesystem access.
repo/swarms/structs/spreadsheet_swarm.py:133
            with open(csv_path, mode="r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba076c9e17c20d74 Filesystem access.
repo/swarms/structs/spreadsheet_swarm.py:397
        with open(self.save_file_path, mode="a", newline="") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71fdb2d51cbd5810 Environment-variable access.
repo/swarms/structs/test_prompt_caching.py:121
    return any(os.getenv(name) for name in env_names)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54b678422e948a29 Environment-variable access.
repo/swarms/telemetry/bootup.py:12
        verbose = os.getenv("SWARMS_VERBOSE_GLOBAL", "False").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69e531b8a379532f Environment-variable access.
repo/swarms/telemetry/bootup.py:22
        os.environ["WANDB_SILENT"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78ec9d35e04327ca Environment-variable access.
repo/swarms/telemetry/bootup.py:27
        os.environ["WORKSPACE_DIR"] = str(workspace_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b46997c8c5b7d1e Environment-variable access.
repo/swarms/telemetry/main.py:132
    key = os.getenv("SWARMS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #bf43c1b0a44c13bc Hardcoded external endpoint. Review what data is sent to this destination.
repo/swarms/telemetry/main.py:139
    response = requests.post(
        url, json=payload, headers=headers, timeout=10
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #dbd77feaaf9c8455 Environment-variable access.
repo/swarms/telemetry/main.py:164
    get_telemetry = os.getenv("SWARMS_TELEMETRY_ON")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d84f20ec8b45a1f Filesystem access.
repo/swarms/tools/computer_use.py:400
        data = real.read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e1d398de40482b4 Filesystem access.
repo/swarms/tools/computer_use.py:648
    with open(tmp, mode, encoding=enc) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9470292fad06b258 Filesystem access.
repo/swarms/tools/computer_use.py:707
        with open(real, "a", encoding="utf-8") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ec82777717ed7c5 Filesystem access.
repo/swarms/tools/computer_use.py:753
    text = real.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0b3077e89a62038 Environment-variable access.
repo/swarms/tools/computer_use.py:863
            for k, v in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49cbbfb1f30fcf39 Environment-variable access.
repo/swarms/tools/computer_use.py:1040
        workspace_root = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fde0d75543e63bc3 Environment-variable access.
repo/swarms/tools/computer_use.py:1040
        workspace_root = os.environ.get(
            "COMPUTER_USE_WORKSPACE", workspace_root
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ff4e5b2bd719216 Filesystem access.
repo/swarms/utils/agent_loader_markdown.py:143
            with open(file_path, "r", encoding="utf-8") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c24ecc9ce46c8df7 Environment-variable access.
repo/swarms/utils/disable_logging.py:12
    os.environ["WORKSPACE_DIR"] = "agent_workspace"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4b79d15ed07137f Environment-variable access.
repo/swarms/utils/disable_logging.py:17
    os.environ["TF_CPP_MIN_LOG_LEVEL"] = "3"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd428b797aebce1a Environment-variable access.
repo/swarms/utils/disable_logging.py:49
    workspace_dir = os.environ["WORKSPACE_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a99dc58a72fed62d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/swarms/utils/fetch_prompts_marketplace.py:158
            response = client.get(url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #37ab7463a7d60fba Filesystem access.
repo/swarms/utils/file_processing.py:97
        with open(file_path, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a36c53ecbed47a3 Filesystem access.
repo/swarms/utils/file_processing.py:125
        with open(file_path, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #49b1192d91e4c3b5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/swarms/utils/image_file_b64.py:130
        response = requests.get(image_source, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #997ea50bef1494f6 Filesystem access.
repo/swarms/utils/image_file_b64.py:135
        with open(image_source, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #185b09dd3646dabd Filesystem access.
repo/swarms/utils/image_file_b64.py:249
        with open(file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #8377025eb1a457fb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/swarms/utils/litellm_wrapper.py:85
        response = requests.get(audio_source, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #2da550a97494b9dd Filesystem access.
repo/swarms/utils/litellm_wrapper.py:89
        with open(audio_source, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b92a077d38534534 Environment-variable access.
repo/swarms/utils/swarms_marketplace_utils.py:30
    api_key = os.getenv("SWARMS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #d0ecbcefca2eac0a Hardcoded external endpoint. Review what data is sent to this destination.
repo/swarms/utils/swarms_marketplace_utils.py:113
            response = client.post(url, json=data, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f424a665e786bfc7 Environment-variable access.
repo/swarms/utils/workspace_utils.py:31
    workspace_dir = os.getenv("WORKSPACE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

litellm

python dependency
medium telemetry dependency Excluded from app score #f4ee4301a1c73ce1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/enterprise/litellm_enterprise/proxy/hooks/managed_files.py:50
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #60125a1b7337a67d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/_service_logger.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #32833bc539bf6895 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/base_cache.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #76ab082bdcc30bf8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/disk_cache.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a5042ddc65f5de6b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/dual_cache.py:28
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df765acfa50809e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cache.py:28
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #853916615aa1daed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cluster_cache.py:13
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #843fb914919ed77d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/_utils.py:9
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6307fd44129509cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:18
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #315488e462b66ca1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:10
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #432005be18c78fcf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/custom_logger.py:32
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #e75232a54f895d58 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:96 · flow /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:77 → /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:96
        verbose_logger.debug("constructed auth_header %s", auth_header)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #c752c359e8f00734 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:198 · flow /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/integrations/lago.py:178 → /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/integrations/lago.py:198
            verbose_logger.debug(f"Logged Lago Object: {response.text}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #d0423a622a5fe928 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:201 · flow /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/integrations/lago.py:178 → /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/integrations/lago.py:201
                verbose_logger.debug(f"\nError Message: {response.text}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #7138f0ef93cb700c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #27c1f54d60cdedb8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langtrace.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f2493314ae76b5e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:19
    from opentelemetry.sdk.trace.export import SpanExporter as _SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #299da0b01c3e807d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:20
    from opentelemetry.trace import Context as _Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0b49535de868884c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:21
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bcc707c2b190b9bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:22
    from opentelemetry.trace import Tracer as _Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #654d93680bcbd0d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:54
    from opentelemetry.sdk.resources import OTELResourceDetector, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #79120f4695b8cd4c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:96
        from opentelemetry.sdk.trace.export.in_memory_span_exporter import (
            InMemorySpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #468b1dedb483012e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:124
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #193fd19566b57a96 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:125
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b6cb987167d25521 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:126
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #de2a91d81ce782fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:201
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19de3043e12573ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:202
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #911be1c8dc66488a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:261
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e5c5303da32e6c44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:262
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f3d3762c4b96d8a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:323
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ac15539d88125849 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:324
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #88e24ba7eacd384b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:390
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2beba21c4f779616 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:418
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e992856013f9ffd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:419
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5f2d7045012d545b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:524
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #64126d12f7b7956a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:934
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f206c75a6c8d770 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:945
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6f55a3117b2e69de Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:946
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6607d1be7b3b9227 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:972
        from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
            OTLPSpanExporter as OTLPSpanExporterGRPC,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5f0de6f4e99588b7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:975
        from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
            OTLPSpanExporter as OTLPSpanExporterHTTP,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6ad09a516e24e1ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:978
        from opentelemetry.sdk.trace.export import (
            BatchSpanProcessor,
            ConsoleSpanExporter,
            SimpleSpanProcessor,
            SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5cfbfd85fe8444d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1065
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #761c4964cfa62c38 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1066
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9bacae4bf6600211 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1118
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7df4a0f5353296fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1119
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #afbd8f7ddf449b7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:39
        from opentelemetry.semconv.ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e7d7d3fe9e970359 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:40
        from opentelemetry.trace import SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #300b2e77347c03ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/core_helpers.py:11
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a84f5ca6f3a35eee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3049
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0576c2f3318c86e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3055
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7be5c1170b076561 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3056
                from sentry_sdk.scrubber import EventScrubber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f1b70c66ab9fe95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3084
                    from posthog import Posthog

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72fc337989957b64 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3090
                    from posthog import Posthog

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #71ad4ca8dac6b112 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/logging_utils.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #009d6a0bbcb173d7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:578 · flow /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:569 → /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:578
            verbose_logger.debug(f"IRSA detected: using web identity token from {web_identity_token_file}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #5d44b59f94cfbfae A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83 · flow /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 → /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
        response = httpx.get(path, headers=headers, params=params)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #7eca897f33155004 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/main.py:2257 · flow /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/main.py:2210 → /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/main.py:2257
                logging.post_call(
                    input=messages,
                    api_key=api_key,
                    original_response=response,
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #8c21d0e2edf86b54 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/_types.py:54
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b96e5f889e7bffae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_checks.py:60
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7b93d60eb3ae3a44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_exception_handler.py:18
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #a2cef5ff29bc68e1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:57 · flow /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:37 → /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:57
        verbose_proxy_logger.debug(
            "Oauth2 token validation for token=%s, response from /token/info=%s",
            token,
            data,
        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #f41a30e08af52b74 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter.py:21
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6f0b3da0ed4f70f0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:29
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6dab2ee9ce9d1634 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:46
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c277cf09c498c64e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/utils.py:99
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4acd5ad2ac73b5a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router.py:164
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4b054b673f10682d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_latency.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5af838480c1ae7f0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:21
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #22321d5f6b9ddba2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_cache.py:14
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c4ea91f396c7d0e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_handlers.py:28
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d134e15a47ea3487 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/handle_error.py:12
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e7b059f942b77c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/prompt_caching_cache.py:14
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 962 low-confidence finding(s)
low env_fs dependency Excluded from app score #f9ce22ca192ba9bb Environment-variable access.
pkgs/python/[email protected]/enterprise/enterprise_hooks/aporia_ai.py:44
        self.aporia_api_key = api_key or os.environ["APORIO_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35b0755024e74de8 Environment-variable access.
pkgs/python/[email protected]/enterprise/enterprise_hooks/aporia_ai.py:45
        self.aporia_api_base = api_base or os.environ["APORIO_API_BASE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d7f662af0254405 Filesystem access.
pkgs/python/[email protected]/enterprise/enterprise_hooks/banned_keywords.py:34
                with open(banned_keywords_list, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3189a0c3d9e347f Filesystem access.
pkgs/python/[email protected]/enterprise/enterprise_hooks/blocked_user_list.py:35
                with open(blocked_user_list, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22377b0a3e4d6593 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/generic_api_callback.py:46
        endpoint = endpoint or os.getenv("GENERIC_LOGGER_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96695f18a93069b4 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/generic_api_callback.py:82
        env_headers = os.getenv("GENERIC_LOGGER_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #532d87d32aafcce0 Filesystem access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/llama_guard.py:41
                with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #74c76eeb7926fe5e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/llm_guard.py:62
                    async with session.post(
                        analyze_url, json=analyze_payload
                    ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5b2161bf75ab60d4 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/pagerduty/pagerduty.py:54
        _api_key = os.getenv("PAGERDUTY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33af3d9fc0070d28 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:124
        custom_logo = os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9ae4592f0d7cb16 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:125
        custom_support = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c05415c6f9820c9 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:126
        custom_signature = os.getenv("EMAIL_SIGNATURE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5757efe3aa3d7631 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:127
        custom_subject_invitation = os.getenv("EMAIL_SUBJECT_INVITATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57f9fa9a20867454 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:128
        custom_subject_key_created = os.getenv("EMAIL_SUBJECT_KEY_CREATED", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4c23c1cd02a8479 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:146
        base_url = os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")  # Not a premium feature

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73ccddb9f39e35c7 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/resend_email.py:26
        self.resend_api_key = os.getenv("RESEND_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #848ecabd57410819 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/proxy/auth/route_checks.py:17
        if "DISABLE_LLM_API_ENDPOINTS" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04fa06b974e6bc74 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/proxy/auth/route_checks.py:35
        if "DISABLE_ADMIN_ENDPOINTS" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b45db37a0c1f9df Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/proxy/proxy_server.py:32
            docs_description = os.getenv("DOCS_DESCRIPTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25f22f439ecc75c0 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:95
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07aa81fd3b98abc2 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:201
drop_params = bool(os.getenv("LITELLM_DROP_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1a4f8397b7381a3 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:202
modify_params = bool(os.getenv("LITELLM_MODIFY_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d716f51d5bda4b93 Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:14
json_logs = bool(os.getenv("JSON_LOGS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0185df75c170f114 Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:16
log_level = os.getenv("LITELLM_LOG", "DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dd2abab7d4d6cc4 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:170
    if "REDIS_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0c5a703c56e6212 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:171
        return os.environ["REDIS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d09262df779f68e6 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:173
    if "REDIS_HOST" not in os.environ or "REDIS_PORT" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0187293dc310569c Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:178
    if "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56debd8dc028d5eb Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:179
        redis_password = f":{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31e3ff1d4b243e5c Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:184
        f"redis://{redis_password}{os.environ['REDIS_HOST']}:{os.environ['REDIS_PORT']}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #720a935d9d77c8c3 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:113
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #825c9324057e5cb4 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:114
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35f520e46cc9bf69 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:120
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebe8d40092cae75c Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:128
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #430d91285ea7cd46 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:318
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdb742dc1e195cd5 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:319
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fe349b3c17cd4d3 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:325
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be899d5348c88e4d Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:333
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5afb496a4c06f0c Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:495
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a80df906ec53bd26 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:496
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c7984d228e58a32 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:502
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45bc744e8f8c2ede Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:510
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #891dc07cef88d803 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:684
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57d03b7ba1e38215 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:685
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #377d44e7f5981aa6 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:691
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad8643c4a31b96e Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:699
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ba447a62ffbc4c6 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:840
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbb3a0932afefd49 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:841
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a0dec42c60086f8 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:847
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c56597c24c1458c Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:855
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54178cdd0d412660 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1029
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4740809a492a40f Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1030
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcedab58af6ceae9 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1036
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eccd5270a0d01e8 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1044
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ffe1516a7a62dfc Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1191
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa919461b724faaa Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1192
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ede216937eef49e1 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1198
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92750df5e6ea6401 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1206
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d39de62e9f942dfe Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1390
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df258a49e4819afa Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1391
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d824500cd3b4fdd Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1397
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #949f4a0ced9f1324 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1405
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb1e99160c7940dd Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:160
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2013dfa5b9c305d Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:161
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef24e49aa1ac038b Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:167
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6da2ff3a083bc781 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:175
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a04ee75946b8cdf8 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:365
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fb6c425a3333f83 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:366
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b3faf0f8d2fce6e Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:372
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6aa48954c504181 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:380
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8a66a865bd00836 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:540
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #722b49f642ec017f Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:564
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2f1d5b40cf87adf Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:565
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83cc3d260e013067 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:571
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bf221cf834820c0 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:722
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0164ab816705a73c Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:723
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6fd1137d50dd328 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:729
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35f1fb50ba97248c Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:736
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33ef59126bc50683 Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:55
                with open("user_cost.json", "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ce49f83fb6dbfa96 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/budget_manager.py:65
            response = litellm.module_level_client.post(
                url, headers=self.headers, json=data
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #277c1c99e1918fd4 Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:218
            with open("user_cost.json", "w") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a7cf345ede1a3f6e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/budget_manager.py:226
            response = litellm.module_level_client.post(
                url, headers=self.headers, json=data
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b026a0e0f91bf103 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:71
            qdrant_api_base or os.getenv("QDRANT_URL") or os.getenv("QDRANT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b045dcea59ddfcf5 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:73
        qdrant_api_key = qdrant_api_key or os.getenv("QDRANT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #032a5fd750823ffd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/caching/redis_cache.py:719
            cached_response = self.redis_client.get(key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #88c76846f9266b64 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/caching/redis_cache.py:820
            cached_response = await _redis_client.get(key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9ff6a0dd133d4ab9 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:94
                host = host or os.environ["REDIS_HOST"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d9dea54fa0138aa Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:95
                port = port or os.environ["REDIS_PORT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6692716c98b48a3f Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:96
                password = password or os.environ["REDIS_PASSWORD"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #273005aec84d3b5b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:5
    os.getenv("AZURE_DEFAULT_RESPONSES_API_VERSION", "preview")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03939b9306956d67 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:7
ROUTER_MAX_FALLBACKS = int(os.getenv("ROUTER_MAX_FALLBACKS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bde5d95bc27f7cf4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:8
DEFAULT_BATCH_SIZE = int(os.getenv("DEFAULT_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3256fe27e2c57f59 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:9
DEFAULT_FLUSH_INTERVAL_SECONDS = int(os.getenv("DEFAULT_FLUSH_INTERVAL_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #683b9dd1c642c75f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:11
    os.getenv("DEFAULT_S3_FLUSH_INTERVAL_SECONDS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e05c3bd270a0a5ed Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:13
DEFAULT_S3_BATCH_SIZE = int(os.getenv("DEFAULT_S3_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f33c7ec2b5b1fc89 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:15
    os.getenv("DEFAULT_SQS_FLUSH_INTERVAL_SECONDS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #061c9e05569c1749 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:17
DEFAULT_SQS_BATCH_SIZE = int(os.getenv("DEFAULT_SQS_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #316764bd80843342 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:20
DEFAULT_MAX_RETRIES = int(os.getenv("DEFAULT_MAX_RETRIES", 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfb4a0c00b887630 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:21
DEFAULT_MAX_RECURSE_DEPTH = int(os.getenv("DEFAULT_MAX_RECURSE_DEPTH", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e0b1243adc30c84 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:23
    os.getenv("DEFAULT_MAX_RECURSE_DEPTH_SENSITIVE_DATA_MASKER", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b5622e6fc139aae Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:26
    os.getenv("DEFAULT_FAILURE_THRESHOLD_PERCENT", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1b6d7bc8da5c1d7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:28
DEFAULT_MAX_TOKENS = int(os.getenv("DEFAULT_MAX_TOKENS", 4096))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #394f88405ce1fe16 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:29
DEFAULT_ALLOWED_FAILS = int(os.getenv("DEFAULT_ALLOWED_FAILS", 3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d523c3e26d8c55a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:30
DEFAULT_REDIS_SYNC_INTERVAL = int(os.getenv("DEFAULT_REDIS_SYNC_INTERVAL", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a66c8d9fc5cefdbb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:31
DEFAULT_COOLDOWN_TIME_SECONDS = int(os.getenv("DEFAULT_COOLDOWN_TIME_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08c55a40dc8c8ddc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:33
    os.getenv("DEFAULT_REPLICATE_POLLING_RETRIES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #805bfd8a7ee83000 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:36
    os.getenv("DEFAULT_REPLICATE_POLLING_DELAY_SECONDS", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1756504405a0930f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:38
DEFAULT_IMAGE_TOKEN_COUNT = int(os.getenv("DEFAULT_IMAGE_TOKEN_COUNT", 250))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d42a2117b8b2221f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:39
DEFAULT_IMAGE_WIDTH = int(os.getenv("DEFAULT_IMAGE_WIDTH", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #633618c9bd64fecd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:40
DEFAULT_IMAGE_HEIGHT = int(os.getenv("DEFAULT_IMAGE_HEIGHT", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d911fed4c967409 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:42
    os.getenv("MAX_SIZE_PER_ITEM_IN_MEMORY_CACHE_IN_KB", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6b046cc58e182f0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:45
    os.getenv("SINGLE_DEPLOYMENT_TRAFFIC_FAILURE_THRESHOLD", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7a7860165534162 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:49
    os.getenv("DEFAULT_REASONING_EFFORT_DISABLE_THINKING_BUDGET", 0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03d19ce459fd411a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:52
    os.getenv("DEFAULT_REASONING_EFFORT_LOW_THINKING_BUDGET", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4efb7acc0fdb854 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:55
    os.getenv("DEFAULT_REASONING_EFFORT_MEDIUM_THINKING_BUDGET", 2048)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2931828cb77efa9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:58
    os.getenv("DEFAULT_REASONING_EFFORT_HIGH_THINKING_BUDGET", 4096)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaf0bed995f574ad Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:61
    os.getenv("MAX_TOKEN_TRIMMING_ATTEMPTS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8e070846c0fcd0d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:73
MAX_REDIS_BUFFER_DEQUEUE_COUNT = int(os.getenv("MAX_REDIS_BUFFER_DEQUEUE_COUNT", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b46dfb9d9fbe76f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:74
MAX_SIZE_IN_MEMORY_QUEUE = int(os.getenv("MAX_SIZE_IN_MEMORY_QUEUE", 10000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d87ed2f9d787c37 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:76
    os.getenv("MAX_IN_MEMORY_QUEUE_FLUSH_COUNT", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fba5d7a77a72b7e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:80
    os.getenv("MINIMUM_PROMPT_CACHE_TOKEN_COUNT", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90d5dd304ea4fab3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:83
    os.getenv("DEFAULT_TRIM_RATIO", 0.75)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a28d05a3a00a072f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:85
HOURS_IN_A_DAY = int(os.getenv("HOURS_IN_A_DAY", 24))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a93f2e65ab7417f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:86
DAYS_IN_A_WEEK = int(os.getenv("DAYS_IN_A_WEEK", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62f5a9794ae74d39 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:87
DAYS_IN_A_MONTH = int(os.getenv("DAYS_IN_A_MONTH", 28))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6da2b15a6e5676cd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:88
DAYS_IN_A_YEAR = int(os.getenv("DAYS_IN_A_YEAR", 365))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f3975e41776d69b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:90
    os.getenv("REPLICATE_MODEL_NAME_WITH_ID_LENGTH", 64)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #327ff5e6352af6f6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:93
FUNCTION_DEFINITION_TOKEN_COUNT = int(os.getenv("FUNCTION_DEFINITION_TOKEN_COUNT", 9))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #219a60b1cee2dfa7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:94
SYSTEM_MESSAGE_TOKEN_COUNT = int(os.getenv("SYSTEM_MESSAGE_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #175520a97c26195c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:95
TOOL_CHOICE_OBJECT_TOKEN_COUNT = int(os.getenv("TOOL_CHOICE_OBJECT_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66299e48802b50e8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:97
    os.getenv("DEFAULT_MOCK_RESPONSE_PROMPT_TOKEN_COUNT", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49e3f0b8fd5bd57d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:100
    os.getenv("DEFAULT_MOCK_RESPONSE_COMPLETION_TOKEN_COUNT", 20)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14bc595af1cc39e7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:103
    os.getenv("MAX_SHORT_SIDE_FOR_IMAGE_HIGH_RES", 768)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e6199d84fe556d8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:106
    os.getenv("MAX_LONG_SIDE_FOR_IMAGE_HIGH_RES", 2000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3c36318628421d5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:108
MAX_TILE_WIDTH = int(os.getenv("MAX_TILE_WIDTH", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9506aecc7478ea80 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:109
MAX_TILE_HEIGHT = int(os.getenv("MAX_TILE_HEIGHT", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #939b9a156d8d2dfc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:111
    os.getenv("OPENAI_FILE_SEARCH_COST_PER_1K_CALLS", 2.5 / 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f14651a112f13bb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:116
    os.getenv("AZURE_FILE_SEARCH_COST_PER_GB_PER_DAY", 0.1)  # $0.1 USD per 1 GB/Day

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3023fb1d2f8632a3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:119
    os.getenv(
        "AZURE_CODE_INTERPRETER_COST_PER_SESSION", 0.03
    )  # $0.03 USD per 1 Session

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8625b36157141239 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:124
    os.getenv(
        "AZURE_COMPUTER_USE_INPUT_COST_PER_1K_TOKENS", 3.0
    )  # $0.003 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b2c5be218414d78 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:129
    os.getenv(
        "AZURE_COMPUTER_USE_OUTPUT_COST_PER_1K_TOKENS", 12.0
    )  # $0.012 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b870e12c146a772f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:134
    os.getenv(
        "AZURE_VECTOR_STORE_COST_PER_GB_PER_DAY", 0.1
    )  # $0.1 USD per 1 GB/Day (same as file search)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #384b6d88c1c49129 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:138
MIN_NON_ZERO_TEMPERATURE = float(os.getenv("MIN_NON_ZERO_TEMPERATURE", 0.0001))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #971da26aad9bb8f3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:141
    os.getenv("REPEATED_STREAMING_CHUNK_LIMIT", 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aea76f9810531672 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:143
DEFAULT_MAX_LRU_CACHE_SIZE = int(os.getenv("DEFAULT_MAX_LRU_CACHE_SIZE", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bb1713bbfac6bde Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:144
INITIAL_RETRY_DELAY = float(os.getenv("INITIAL_RETRY_DELAY", 0.5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #444d0ab035fffd2c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:145
MAX_RETRY_DELAY = float(os.getenv("MAX_RETRY_DELAY", 8.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d847b24ffb67218 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:146
JITTER = float(os.getenv("JITTER", 0.75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8966f4c4c053215c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:148
    os.getenv("DEFAULT_IN_MEMORY_TTL", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1448fda0ebed71ce Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:151
    os.getenv("DEFAULT_POLLING_INTERVAL", 0.03)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b57b8e602baa205d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:153
AZURE_OPERATION_POLLING_TIMEOUT = int(os.getenv("AZURE_OPERATION_POLLING_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #448eacb8a980a813 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:154
REDIS_SOCKET_TIMEOUT = float(os.getenv("REDIS_SOCKET_TIMEOUT", 0.1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2a4919eff55c31c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:155
REDIS_CONNECTION_POOL_TIMEOUT = int(os.getenv("REDIS_CONNECTION_POOL_TIMEOUT", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bbc68a378350020 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:157
    os.getenv("NON_LLM_CONNECTION_TIMEOUT", 15)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ab5bfa29fd96f19 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:159
MAX_EXCEPTION_MESSAGE_LENGTH = int(os.getenv("MAX_EXCEPTION_MESSAGE_LENGTH", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a592755fac9fa40 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:160
MAX_STRING_LENGTH_PROMPT_IN_DB = int(os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e2a8f6663fc9d7f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:161
BEDROCK_MAX_POLICY_SIZE = int(os.getenv("BEDROCK_MAX_POLICY_SIZE", 75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f366bd50c11376b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:163
    os.getenv("REPLICATE_POLLING_DELAY_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a55d32651a5a0b1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:166
    os.getenv("DEFAULT_ANTHROPIC_CHAT_MAX_TOKENS", 4096)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3e93eabd87aa21c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:168
TOGETHER_AI_4_B = int(os.getenv("TOGETHER_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7a4ba3684aa5023 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:169
TOGETHER_AI_8_B = int(os.getenv("TOGETHER_AI_8_B", 8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #932c673cf2067797 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:170
TOGETHER_AI_21_B = int(os.getenv("TOGETHER_AI_21_B", 21))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ce17f9ba0cf5005 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:171
TOGETHER_AI_41_B = int(os.getenv("TOGETHER_AI_41_B", 41))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55cf3eb8d4fec18f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:172
TOGETHER_AI_80_B = int(os.getenv("TOGETHER_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aec9394093664325 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:173
TOGETHER_AI_110_B = int(os.getenv("TOGETHER_AI_110_B", 110))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67417c89485fb0b6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:174
TOGETHER_AI_EMBEDDING_150_M = int(os.getenv("TOGETHER_AI_EMBEDDING_150_M", 150))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d7cd4f091db36e1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:175
TOGETHER_AI_EMBEDDING_350_M = int(os.getenv("TOGETHER_AI_EMBEDDING_350_M", 350))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5f09bb40224f037 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:176
QDRANT_SCALAR_QUANTILE = float(os.getenv("QDRANT_SCALAR_QUANTILE", 0.99))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae37cd994c84e554 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:177
QDRANT_VECTOR_SIZE = int(os.getenv("QDRANT_VECTOR_SIZE", 1536))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5518f89bcef6bb1a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:178
CACHED_STREAMING_CHUNK_DELAY = float(os.getenv("CACHED_STREAMING_CHUNK_DELAY", 0.02))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65b99a8f7432b13f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:180
    os.getenv("MAX_SIZE_PER_ITEM_IN_MEMORY_CACHE_IN_KB", 512)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab7bffa96b0f5669 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:182
DEFAULT_MAX_TOKENS_FOR_TRITON = int(os.getenv("DEFAULT_MAX_TOKENS_FOR_TRITON", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bfe2ec79b5802ba Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:184
request_timeout: float = float(os.getenv("REQUEST_TIMEOUT", 6000))  # time in seconds

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #527722fcbe8f42f5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:189
    os.getenv("DEFAULT_REPLICATE_GPU_PRICE_PER_SECOND", 0.001400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c380cbcb7b342ab Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:191
FIREWORKS_AI_56_B_MOE = int(os.getenv("FIREWORKS_AI_56_B_MOE", 56))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f786487ec05355f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:192
FIREWORKS_AI_176_B_MOE = int(os.getenv("FIREWORKS_AI_176_B_MOE", 176))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85c156089d270eec Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:193
FIREWORKS_AI_4_B = int(os.getenv("FIREWORKS_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c53599fcfa878c79 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:194
FIREWORKS_AI_16_B = int(os.getenv("FIREWORKS_AI_16_B", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29befc6ff506a3fc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:195
FIREWORKS_AI_80_B = int(os.getenv("FIREWORKS_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43f95d347915b565 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:199
    os.getenv("MAX_LANGFUSE_INITIALIZED_CLIENTS", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f29a529d2e7c4bb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:201
DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE = os.getenv(
    "DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE", "streaming.chunk.yield"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9f36dd60fb5f337 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:827
    os.getenv("HUMANLOOP_PROMPT_CACHE_TTL_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b7e2d850ff0d94d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:834
    os.getenv("PROMETHEUS_BUDGET_METRICS_REFRESH_INTERVAL_MINUTES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #572758ef159f68ef Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:837
MAXIMUM_TRACEBACK_LINES_TO_LOG = int(os.getenv("MAXIMUM_TRACEBACK_LINES_TO_LOG", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6f03f8f15eb23b3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:848
    os.getenv("MAX_SPENDLOG_ROWS_TO_QUERY", 1_000_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb914de4f5eff1dc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:851
    os.getenv("DEFAULT_SOFT_BUDGET", 50.0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d23f5e2dce3b8b56 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:869
    os.getenv("BATCH_STATUS_POLL_INTERVAL_SECONDS", 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8b20c708da979f9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:872
    os.getenv("BATCH_STATUS_POLL_MAX_ATTEMPTS", 24)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d43d9df714d84e00 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:876
    os.getenv("HEALTH_CHECK_TIMEOUT_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d641908a623fc49 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:891
SPEND_LOG_RUN_LOOPS = int(os.getenv("SPEND_LOG_RUN_LOOPS", 500))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea518ba87de7d674 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:892
SPEND_LOG_CLEANUP_BATCH_SIZE = int(os.getenv("SPEND_LOG_CLEANUP_BATCH_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12193c4e563ba9bb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:894
    os.getenv("DEFAULT_CRON_JOB_LOCK_TTL_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba40861cd366d732 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:897
    os.getenv("PROXY_BUDGET_RESCHEDULER_MIN_TIME", 597)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84b80370322d77e0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:899
PROXY_BATCH_POLLING_INTERVAL = int(os.getenv("PROXY_BATCH_POLLING_INTERVAL", 3600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6635ecee99b4508 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:901
    os.getenv("PROXY_BUDGET_RESCHEDULER_MAX_TIME", 605)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #499a6b6467056627 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:903
PROXY_BATCH_WRITE_AT = int(os.getenv("PROXY_BATCH_WRITE_AT", 10))  # in seconds

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #469163410d4b8026 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:905
    os.getenv("DEFAULT_HEALTH_CHECK_INTERVAL", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5ed72a5c754573d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:908
    os.getenv("PROMETHEUS_FALLBACK_STATS_SEND_TIME_HOURS", 9)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f19e2ccf72a7f25c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:911
    os.getenv("DEFAULT_MODEL_CREATED_AT_TIME", 1677610602)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #187a3b3b9d4d03ed Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:914
    os.getenv("DEFAULT_SLACK_ALERTING_THRESHOLD", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f76e40ec867e62a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:916
MAX_TEAM_LIST_LIMIT = int(os.getenv("MAX_TEAM_LIST_LIMIT", 20))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfaaecbd65a819dc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:918
    os.getenv("DEFAULT_PROMPT_INJECTION_SIMILARITY_THRESHOLD", 0.7)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7008ca928dafc1c5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:920
LENGTH_OF_LITELLM_GENERATED_KEY = int(os.getenv("LENGTH_OF_LITELLM_GENERATED_KEY", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ffe7e59a9158e92 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:922
    os.getenv("SECRET_MANAGER_REFRESH_INTERVAL", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1db22cb1e68e5e1e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:931
    os.getenv("DEFAULT_MANAGEMENT_OBJECT_IN_MEMORY_CACHE_TTL", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #646c462c97264f19 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:168
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #591f507af41ee1fb Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:169
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1457416f7d247b6 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:175
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b15e8d312f46b7fb Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:183
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4b2f1844c23e822 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:348
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46fb086d4a3909a4 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:349
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9970550cf779e28 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:355
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #835e47d3e98b86f3 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:363
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2c8e85263cc6ed7 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:502
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1e3f49df8534237 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:503
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #384108398c1bde6b Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:509
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a52982e5b3264a4 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:517
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba593632c7552c69 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:656
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4df151d6a4dab6a4 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:657
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #686986ced56f289e Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:663
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c44a0fc24238f56 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:671
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212d7197a284a180 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:830
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #471ff3021cf227d0 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:831
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1644b2d1b5b4e813 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:837
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #301229652d2d0172 Environment-variable access.
pkgs/python/[email protected]/litellm/files/main.py:845
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #facf4d6cfbcf1f42 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:142
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fb8a34a95b490c6 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:143
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccc3617ae47f6e6b Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:149
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #409c9892051967f9 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:157
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56e9d45f8c965b12 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:366
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1cefeea4a047592 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:367
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b833fbc25fc892ca Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:373
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ecafb4e206b8730 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:381
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e1f6baa98d28336 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:528
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3bfb36220fd8aa4 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:529
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b85c478ce28dcca Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:535
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61ffbcf84fff03c8 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:543
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32077cbada37784d Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:685
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cdf6959d043c6f7 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:686
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fdcb99b4433e847 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:692
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65ca2c0ed18ea27a Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:699
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41ee8067aefb4a10 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1063
    base_url={os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7274d7a75454609a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1108
        webhook_url = os.getenv("WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07cf905fafd1336d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1157
            email_logo_url = os.getenv(
                "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12c8e6f0d552f9b6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1158
                "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67e1b319222728ce Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1160
            email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5822e673d3abe43 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1186
            base_url = os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68d30ea8b5ff29cb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1259
        email_logo_url = os.getenv(
            "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a357d72a93fec9b1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1260
            "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b87ff40518eaa95d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1262
        email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a77fec66e57a9ec Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1369
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a08650f655f437e3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1397
            slack_webhook_url = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03fa1b878b7fd181 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:22
            api_key=os.getenv("AGENTOPS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c11c1218d47bab0b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:23
            service_name=os.getenv("AGENTOPS_SERVICE_NAME", "agentops"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b1324d6d2917805 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:24
            deployment_environment=os.getenv("AGENTOPS_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64a691cecedf41b3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:63
            float(os.getenv("ARGILLA_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abe0bacaf1ecf87c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:64
            if os.getenv("ARGILLA_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a287b93ee6b4834b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:65
            and os.getenv("ARGILLA_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c39930cc6dcfe9cc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:73
            os.getenv("ARGILLA_BATCH_SIZE", None) or litellm.argilla_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c14372d8e0a2eb2c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:101
        _credentials_api_key = argilla_api_key or os.getenv("ARGILLA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #616082e9b3f6c4ae Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:107
            or os.getenv("ARGILLA_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbd2ebc7aa744822 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:117
            or os.getenv("ARGILLA_DATASET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0ffdba64c6d17be Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:238
                float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2311e836cddd7192 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:239
                if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #648fead10344123c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:240
                and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49f1c520502b6a4b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:50
        space_key = os.environ.get("ARIZE_SPACE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88054d8f30e8938b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:51
        api_key = os.environ.get("ARIZE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64ca666af96c9894 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:53
        grpc_endpoint = os.environ.get("ARIZE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39bbe7e80f06d966 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:54
        http_endpoint = os.environ.get("ARIZE_HTTP_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b647f058dc85ecd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:42
        api_key = os.environ.get("PHOENIX_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bd73d41f0746e7d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:43
        grpc_endpoint = os.environ.get("PHOENIX_COLLECTOR_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fba8e5f602dee0c4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:44
        http_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9464b06a3158348b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:10
        self.athina_api_key = os.getenv("ATHINA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57d6cb8fd1903aee Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:16
            os.getenv("ATHINA_BASE_URL", "https://log.athina.ai")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ac29133c31e4da9f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/athina.py:90
            response = litellm.module_level_client.post(
                self.athina_logging_url,
                headers=self.headers,
                data=json.dumps(data, default=str),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ceec6ab0860885c6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:32
            self.tenant_id = os.getenv("AZURE_STORAGE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df00c698bafd95a0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:33
            self.client_id = os.getenv("AZURE_STORAGE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9e47d559846828d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:34
            self.client_secret = os.getenv("AZURE_STORAGE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8718ee7ff6c3ae2e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:35
            self.azure_storage_account_key: Optional[str] = os.getenv(
                "AZURE_STORAGE_ACCOUNT_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63fd542c81028984 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:40
            _azure_storage_account_name = os.getenv("AZURE_STORAGE_ACCOUNT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80e0677b970f6395 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:46
            _azure_storage_file_system = os.getenv("AZURE_STORAGE_FILE_SYSTEM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #fa4a57e7f04acfe7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:199
            response = await client.put(f"{base_url}?resource=file", headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #07ea6d0fc8eb394a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:41
        self.api_base = api_base or os.getenv("BRAINTRUST_API_BASE") or API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea05bb1619f54ecd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:43
        self.api_key: str = api_key or os.getenv("BRAINTRUST_API_KEY")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d30be86727656bf Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:64
        if api_key is None and os.getenv("BRAINTRUST_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #90482947560a9a79 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:79
            response = self.global_braintrust_sync_http_handler.post(
                f"{self.api_base}/project",
                headers=self.headers,
                json={"name": project_name},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #86cdc648c47f7555 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:99
            response = await self.global_braintrust_http_handler.post(
                f"{self.api_base}/project/register",
                headers=self.headers,
                json={"name": project_name},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6969ab2d91f43a08 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:149
        project = await self.global_braintrust_http_handler.post(
            f"{self.api_base}/project", headers=self.headers, json={"name": "litellm"}
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a83ca790171eddc8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:158
        project = self.global_braintrust_sync_http_handler.post(
            f"{self.api_base}/project", headers=self.headers, json={"name": "litellm"}
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #88dc70c31661d140 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:29
        self.api_key = api_key or os.getenv("CLOUDZERO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d66a59bc863cd68 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:30
        self.connection_id = connection_id or os.getenv("CLOUDZERO_CONNECTION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7af8b8d30fd87956 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:31
        self.timezone = timezone or os.getenv("CLOUDZERO_TIMEZONE", "UTC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a77c7790aed0b30f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cz_stream_api.py:148
                response = client.post(url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #60588c1a419ada6e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:70
            if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dc0c96674eb755c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:72
            if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #548c82abb07da7b0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:77
            self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8bab4cf7e8f6425 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:79
                f"https://http-intake.logs.{os.getenv('DD_SITE')}/api/v2/logs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #110c241b4a434ca7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:85
                os.getenv("_DATADOG_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51e9ebb3bf76fa3d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:86
                or os.getenv("DATADOG_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff51abc04b376ff0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:87
                or os.getenv("DD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d48f3e3837bdfdd4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:505
            "env": os.getenv("DD_ENV", "unknown"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b123a178c0e37d5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:506
            "service": os.getenv("DD_SERVICE", "litellm"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4aea0e181afec821 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:507
            "version": os.getenv("DD_VERSION", "unknown"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d52429fc78b3bf4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:509
            "POD_NAME": os.getenv("POD_NAME", "unknown"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20f4ec4228c79aa7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:525
        return os.getenv("DD_SOURCE", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85b568b14c8701ed Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:529
        return os.getenv("DD_SERVICE", "litellm-server")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be4843c06dd93560 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:533
        return os.getenv("HOSTNAME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92e7a16967d70796 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:537
        return os.getenv("DD_ENV", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c795eebd0bb399a1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:541
        return os.getenv("POD_NAME", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90615ff46dd36a9b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:42
            if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca99737fc4736f2f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:44
            if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #507d064ac733529c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:52
            self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1293f7c9d1404002 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:53
            self.DD_SITE = os.getenv("DD_SITE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d9f810b3b90847a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:59
            dd_base_url = os.getenv("DD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e86632e9a23cdd5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:24
        api_key = os.getenv("CONFIDENT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6917b95359938c9b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:25
        self.litellm_environment = os.getenv("LITELM_ENVIRONMENT", "development")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ea0d55ac29fcfbc Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:153
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24988777966e29a2 Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:295
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cb5dddedeee7671 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/dynamodb.py:20
            "dynamodb", region_name=os.environ["AWS_REGION_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bda83c15a3f9e941 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:82
    email_logo_url = os.getenv("SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ee9c3724e87396b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:83
    email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bad445beeedd02c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:40
        self.base_url = os.getenv("GALILEO_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdd3140a0e4a1532 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:41
        self.project_id = os.getenv("GALILEO_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21729e558e6fd1d2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:59
                "username": os.getenv("GALILEO_USERNAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ba3f8bb98e1d816 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:60
                "password": os.getenv("GALILEO_PASSWORD"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36092f70ac034838 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:31
        self.batch_size = int(os.getenv("GCS_BATCH_SIZE", GCS_DEFAULT_BATCH_SIZE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b1f29540bd7c26d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:33
            os.getenv("GCS_FLUSH_INTERVAL", GCS_DEFAULT_FLUSH_INTERVAL_SECONDS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #140af733edbaf5b9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:26
        _path_service_account = os.getenv("GCS_PATH_SERVICE_ACCOUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed6227cf0113cd60 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:27
        _bucket_name = bucket_name or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b1662fadc865f9a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:77
        project_id = os.getenv("GOOGLE_SECRET_MANAGER_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93e9c3076de845ec Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:55
        self.project_id = project_id or os.getenv("GCS_PUBSUB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57d145218d3a06a0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:56
        self.topic_id = topic_id or os.getenv("GCS_PUBSUB_TOPIC_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27e2c3f696f82d7a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:57
        self.path_service_account_json = credentials_path or os.getenv(
            "GCS_PATH_SERVICE_ACCOUNT"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #792966bba160113d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:12
        self.greenscale_api_key = os.getenv("GREENSCALE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4af8a8474f46599 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:17
        self.greenscale_logging_url = os.getenv("GREENSCALE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3aa7460f492112b5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:57
            response = litellm.module_level_client.post(
                self.greenscale_logging_url,
                headers=self.headers,
                data=json.dumps(data, default=str),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7000fade804ee970 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:26
        self.key = os.getenv("HELICONE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #333762a4691d1966 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:27
        self.api_base = os.getenv("HELICONE_API_BASE") or "https://api.hconeai.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #37c4b5dec23c7dbd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/helicone.py:181
            response = litellm.module_level_client.post(url, headers=headers, json=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #65b724696b026134 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:53
        if os.getenv("LAGO_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3def8aedbc45b76c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:56
        if os.getenv("LAGO_API_BASE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62799ccdbf2be06c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:59
        if os.getenv("LAGO_API_EVENT_CODE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfeee825e81a3d09 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:92
        if os.getenv("LAGO_API_CHARGE_BY", None) is not None and isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fb443602ba48378 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:93
            os.environ["LAGO_API_CHARGE_BY"], str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #085a68ea4370b1ba Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:95
            if os.environ["LAGO_API_CHARGE_BY"] in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39e6954603992089 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:100
                charge_by = os.environ["LAGO_API_CHARGE_BY"]  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cad3e9712cf5676 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:122
                "code": os.getenv("LAGO_API_EVENT_CODE"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b51421c6a481ad5a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:133
        _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3ed46abb4d941e0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:142
        api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #689cabf2adc9d1d0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:167
            _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90a0370e9f68e350 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:178
            api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc3d79c3ac7c719d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:57
        self.secret_key = langfuse_secret or os.getenv("LANGFUSE_SECRET_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01350011ea6f01c2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:58
        self.public_key = langfuse_public_key or os.getenv("LANGFUSE_PUBLIC_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #870b1957a90030e6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:59
        self.langfuse_host = langfuse_host or os.getenv(
            "LANGFUSE_HOST", "https://cloud.langfuse.com"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10ffda33bbda9a44 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:68
        self.langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47ce90caf9e6cd1a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:69
        self.langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfe4fb97d966023d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:95
            os.environ["LANGFUSE_PROJECT_ID"] = project_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9763b051e789216d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:99
        if os.getenv("UPSTREAM_LANGFUSE_SECRET_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb0cb4ef84b44cc6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:105
            self.upstream_langfuse_secret_key = os.getenv(
                "UPSTREAM_LANGFUSE_SECRET_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccfa571d81c57adb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:108
            self.upstream_langfuse_public_key = os.getenv(
                "UPSTREAM_LANGFUSE_PUBLIC_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3449870038fa0025 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:111
            self.upstream_langfuse_host = os.getenv("UPSTREAM_LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #537c2e2d54b3f938 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:112
            self.upstream_langfuse_release = os.getenv("UPSTREAM_LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f5c5da0e0df4086 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:113
            self.upstream_langfuse_debug = os.getenv("UPSTREAM_LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c72e2c1ddb94483 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:618
                proxy_base_url = os.environ.get("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a7db0da3031979f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:836
        return int(os.getenv("LANGFUSE_FLUSH_INTERVAL") or flush_interval)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34376e35187165f9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:101
        langfuse_environment = os.environ.get("LANGFUSE_TRACING_ENVIRONMENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd63e7976b606e13 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:153
        return os.environ.get("LANGFUSE_OTEL_HOST") or os.environ.get("LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80be545d2ec310ad Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:171
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #382beabb378ae61c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:172
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe4a99775abdf511 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:200
        os.environ["OTEL_EXPORTER_OTLP_ENDPOINT"] = endpoint

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0c6dac14220df62 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:201
        os.environ["OTEL_EXPORTER_OTLP_HEADERS"] = otlp_auth_headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28b09e95ec3d2e32 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:75
        langfuse_secret or langfuse_secret_key or os.getenv("LANGFUSE_SECRET_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af499ac5142ee3a4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:77
    public_key = langfuse_public_key or os.getenv("LANGFUSE_PUBLIC_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b998074f31e0759c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:78
    langfuse_host = langfuse_host or os.getenv(
        "LANGFUSE_HOST", "https://cloud.langfuse.com"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f04af58c1e4ac73f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:88
    langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2956b4e4752b43a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:89
    langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #720c6b63fdc534e5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:52
            float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cd77eaf8c2c8c36 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:53
            if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf8365e2ba938e10 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:54
            and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5f37cf5fecfc7da Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:57
        self.langsmith_default_run_name = os.getenv(
            "LANGSMITH_DEFAULT_RUN_NAME", "LLMRun"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64e7b1a2fcdaaba5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:64
            os.getenv("LANGSMITH_BATCH_SIZE", None) or litellm.langsmith_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #273c677382039d48 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:78
        _credentials_api_key = langsmith_api_key or os.getenv("LANGSMITH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #978fbc512d1ccafc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:84
            langsmith_project or os.getenv("LANGSMITH_PROJECT") or "litellm-completion"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d129494985c2c131 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:92
            or os.getenv("LANGSMITH_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c21d3853748d712 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:204
                float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8caa6648b8ea1a2c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:205
                if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f2a1ca64adb9ca8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:206
                and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07f08dec768cc114 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:28
        self.literalai_api_url = os.getenv("LITERAL_API_URL") or literalai_api_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fba025366e9d4a0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:31
            "x-api-key": literalai_api_key or os.getenv("LITERAL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eb0237575161dc1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:40
        batch_size = os.getenv("LITERAL_BATCH_SIZE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc01efb61e51b05a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/logfire_logger.py:36
                logfire.configure(token=os.getenv("LOGFIRE_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #545525814e3c71bc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:46
        if os.getenv("OPENMETER_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52bc0193754838ad Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:87
            "type": os.getenv("OPENMETER_EVENT_TYPE", "litellm_tokens"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba943c27181c3275 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:96
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68e5fc26a4fac3bb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:102
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #563a2bc65df1ed23 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:122
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac981a38a38d01fc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:128
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f2498f363bc8100 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:43
LITELLM_TRACER_NAME = os.getenv("OTEL_TRACER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a522bc3a1a5a0d3c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:59
        "service.name": os.getenv("OTEL_SERVICE_NAME", "litellm"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92e4c5b207cb9258 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:60
        "deployment.environment": os.getenv("OTEL_ENVIRONMENT_NAME", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #074e89cb2e3ec830 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:62
        "model_id": os.getenv(
            "OTEL_MODEL_ID", os.getenv("OTEL_SERVICE_NAME", "litellm")
        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b552f0a0f3490e4f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:63
            "OTEL_MODEL_ID", os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51749bd92e155918 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:100
        exporter = os.getenv(
            "OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b750f049c3d16be Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:101
            "OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cddb6eb18df540c0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:103
        endpoint = os.getenv("OTEL_EXPORTER_OTLP_ENDPOINT", os.getenv("OTEL_ENDPOINT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79bf6971fe27d1f8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:104
        headers = os.getenv(
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")
        )  # example: OTEL_HEADERS=x-honeycomb-team=B85YgLm96***"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fed02b10ebcc61ba Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:105
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80e10b97bb8ccc78 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:144
        _debug_otel = str(os.getenv("DEBUG_OTEL", "False")).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8577dd99e5f1ec15 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opik/utils.py:58
    return os.getenv((env_prefix + key).upper(), None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #964f8c7295e92a2c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:15
        self.key = os.getenv("PROMPTLAYER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a5de44488a38a8e3 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:50
            request_response = litellm.module_level_client.post(
                "https://api.promptlayer.com/rest/track-request",
                json={
                    "function_name": "openai.ChatCompletion.create",
                    "kwargs": new_kwargs,
                    "tags": tags,
                    "request_response": dict(response_obj),
                    "request_start_time": int(start_time.timestamp()),
                    "request_end_time": int(end_time.timestamp()),
                    "api_key": self.key,
                    # Optional params for PromptLayer
                    # "prompt_id": "<PROMPT ID>",
                    # "prompt_input_variables": "<Dictionary of variables for prompt>",
                    # "prompt_version":1,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f82939f6721b8d3b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:77
                    response = litellm.module_level_client.post(
                        "https://api.promptlayer.com/rest/track-metadata",
                        json={
                            "request_id": response_json["request_id"],
                            "api_key": self.key,
                            "metadata": metadata,
                        },
                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0cb2db81dc914da9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/s3_v2.py:316
            response = await self.async_httpx_client.put(
                url, data=json_string, headers=signed_headers
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #acf712c4822d4360 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/s3_v2.py:460
            response = httpx_client.put(url, data=json_string, headers=signed_headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #27c3e2a237c6ca2e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/s3_v2.py:533
            response = await self.async_httpx_client.get(url, headers=signed_headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e0e3e0da97be1da4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/sqs.py:267
            response = await self.async_httpx_client.post(
                self.sqs_queue_url,
                data=body,
                headers=signed_headers,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b845a08bee610529 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:18
        self.supabase_url = os.getenv("SUPABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e803ea1b337275bd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:19
        self.supabase_key = os.getenv("SUPABASE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #208dd12218922902 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:56
        with open(file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #158e8b1473a83438 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:68
                with open(str(content), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8af9b6d88e71ba16 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:136
    return open(file_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #987ff093d1b939eb Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:18
os.environ["TIKTOKEN_CACHE_DIR"] = os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e534502ea81318b4 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:18
os.environ["TIKTOKEN_CACHE_DIR"] = os.getenv(
    "CUSTOM_TIKTOKEN_CACHE_DIR", filename
)  # use local copy of tiktoken b/c of - https://github.com/BerriAI/litellm/issues/1071

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7df1a1d7b1f2ea9e Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:18
        os.getenv("LITELLM_LOCAL_MODEL_COST_MAP", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a0f20cf2db9e7c4 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:19
        or os.getenv("LITELLM_LOCAL_MODEL_COST_MAP", False) == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ba48b7a23ad6efb6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:31
        response = httpx.get(
            url, timeout=5
        )  # set a 5 second timeout for the get request

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b8fdb82bb2953c65 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3060
                    os.environ.get("SENTRY_API_TRACE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #679680a1f26f845b Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3061
                    if "SENTRY_API_TRACE_RATE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dbbf8bd49456bac Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3065
                    os.environ.get("SENTRY_API_SAMPLE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee39c1547b89a2f3 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3066
                    if "SENTRY_API_SAMPLE_RATE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #917d026a1d0d4a30 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3070
                    dsn=os.environ.get("SENTRY_DSN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b640a37b63f8599 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3092
                    project_api_key=os.environ.get("POSTHOG_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50116b6599239d5d Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3093
                    host=os.environ.get("POSTHOG_API_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09e179f55a2d5c07 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3105
                    token=os.environ.get("SLACK_API_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #566888b19a2d289b Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3106
                    signing_secret=os.environ.get("SLACK_API_SECRET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebb3bc019f9dc220 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3108
                alerts_channel = os.environ["SLACK_API_CHANNEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ccc4266ab289f7f Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3301
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58ec6baca8019ee2 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3327
                os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a37daf77fbcc0d7f Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3374
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8a69179b8d56c1c Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3384
                headers=f"Authorization={os.getenv('LOGFIRE_TOKEN')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aa821d1f5acf707 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3417
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5b6dc0a45521134 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3429
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee7b48189a4b465c Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3430
                f"api_key={os.getenv('LANGTRACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eac1e12a0d247904 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3646
            if "ARIZE_SPACE_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8399c291ca3c17f Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3648
            if "ARIZE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dc4ee112fe1fe7a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3657
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bd6cad730669af3 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3677
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a02529ca03a6c69 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4490
    if os.getenv("LITELLM_PRINT_STANDARD_LOGGING_PAYLOAD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe81cef0207c62ca Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/common_utils.py:466
        with open(file_content, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7085fe3e361aa175 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/factory.py:391
                response = client.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2c3b1489ed34cce2 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/factory.py:546
        response = client.get("https://api.together.xyz/models/info", headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c9d910497f1ef117 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/factory.py:2190
        response = client.get(image_url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4f769de244fd56bc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/factory.py:2423
            response = await client.get(image_url, follow_redirects=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3bbc5a500d72894e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/factory.py:2436
            response = client.get(image_url, follow_redirects=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4ac397f8b8c14809 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/image_handling.py:58
            response = await client.get(url, follow_redirects=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a0d12b0efa3b2b3f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/image_handling.py:75
            response = client.get(url, follow_redirects=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #563faabadb22085a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/litellm_core_utils/token_counter.py:202
        response = client.get(data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b8ba5ecc94858b2d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/chat/handler.py:80
        response = await client.post(
            api_base, headers=headers, data=data, stream=True, timeout=timeout
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #39853270804c350d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/chat/handler.py:131
        response = client.post(
            api_base, headers=headers, data=data, stream=True, timeout=timeout
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5ccc177e19e1016f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/chat/handler.py:444
                    response = client.post(
                        api_base,
                        headers=headers,
                        data=json.dumps(data),
                        timeout=timeout,
                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8b3b1b8a92766abb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/experimental_pass_through/messages/transformation.py:66
            api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66eee98ceaa3e8ea Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:183
    azure_authority_host = os.getenv(
        "AZURE_AUTHORITY_HOST", "https://login.microsoftonline.com"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ccbeca5d08a97a7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:186
    azure_client_id = azure_client_id or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11101703580c1bc0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:187
    azure_tenant_id = azure_tenant_id or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #80583244fe9a871d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:217
    req_token = client.post(
        f"{azure_authority_host}/{azure_tenant_id}/oauth2/v2.0/token",
        data={
            "client_id": azure_client_id,
            "grant_type": "client_credentials",
            "scope": scope,
            "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
            "client_assertion": oidc_token,
        },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #64de3a251e162681 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:301
    tenant_id = litellm_params.get("tenant_id", os.getenv("AZURE_TENANT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #424f562ac77cf8c1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:302
    client_id = litellm_params.get("client_id", os.getenv("AZURE_CLIENT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9acb0775ae6e6fb7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:304
        "client_secret", os.getenv("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6e7e6c56fb1d9ee Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:306
    azure_username = litellm_params.get("azure_username", os.getenv("AZURE_USERNAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #150db1ebaa548016 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:307
    azure_password = litellm_params.get("azure_password", os.getenv("AZURE_PASSWORD"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04655c33aee9406f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:310
        os.getenv("AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6a90158648a5a02 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:498
        tenant_id = litellm_params.get("tenant_id", os.getenv("AZURE_TENANT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6a931c7d477cff7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:499
        client_id = litellm_params.get("client_id", os.getenv("AZURE_CLIENT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0917cc01c61e2839 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:501
            "client_secret", os.getenv("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e8475624062b9ef Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:504
            "azure_username", os.getenv("AZURE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94e9042bdc14be04 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:507
            "azure_password", os.getenv("AZURE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed8c1492e9a4d341 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:511
            os.getenv("AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #816c6d418850a31e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:568
            api_version = os.getenv(
                "AZURE_API_VERSION", litellm.AZURE_DEFAULT_API_VERSION
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7998f864adc64e3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:623
        tenant_id = litellm_params.get("tenant_id", os.getenv("AZURE_TENANT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe127df16cb8bab3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:624
        client_id = litellm_params.get("client_id", os.getenv("AZURE_CLIENT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #032f4286b793e6df Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:627
            os.getenv("AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33e96589ab742ce3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:116
                if key.upper() in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b27c9b8caedc8cd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:117
                    params_to_check[i] = os.getenv(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccaeb0020df4ba51 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:183
            current_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68175ad29a8528f1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:184
            web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6170cf1ad4407e76 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:475
        with open(web_identity_token_file, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92fee548fa0b2274 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:569
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6dcae05415abf6c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:570
        irsa_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f763fd4f55a5b0da Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:582
                region = os.getenv("AWS_REGION") or os.getenv("AWS_DEFAULT_REGION") or "us-east-1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b47f694175f8bdee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/converse_handler.py:37
    response = client.post(
        api_base,
        headers=headers,
        data=data,
        stream=not fake_stream,
        logging_obj=logging_obj,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1ea92b7499db7fe9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/invoke_handler.py:200
        response = await client.post(
            api_base,
            headers=headers,
            data=data,
            stream=not fake_stream,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3d6595473c3404af Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/invoke_handler.py:287
        response = client.post(
            api_base,
            headers=headers,
            data=signed_json_body if signed_json_body is not None else data,
            stream=not fake_stream,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ea8c68f12421156c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/invoke_handler.py:1091
            response = await client.post(
                api_base,
                headers=headers,
                data=data,
                timeout=timeout,
                logging_obj=logging_obj,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1414c7bf57e02d84 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/common_utils.py:159
    ssl_verify = os.getenv("SSL_VERIFY", litellm.ssl_verify)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f7ab650c8a3f8adc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bytez/chat/transformation.py:270
            response = client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e5f49dc0cb91944b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bytez/chat/transformation.py:314
            response = await client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4379cf55687a17dd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/codestral/completion/handler.py:62
    response = await client.post(api_base, headers=headers, data=data, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9ff1670f0ebc46ff Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/codestral/completion/handler.py:303
            response = litellm.module_level_client.post(
                completion_url,
                headers=headers,
                data=json.dumps(data),
                stream=stream,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8c27a1f4e833c72e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/cohere/embed/handler.py:82
        response = await client.post(api_base, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2a9f6a91488c7390 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/cohere/embed/handler.py:170
    response = client.post(embed_url, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #06a573894f4a6155 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/aiohttp_transport.py:247
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRUST_ENV", "False"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cb53c4a8c86fb70 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:76
        ssl_verify = os.getenv("SSL_VERIFY", litellm.ssl_verify)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0f230e31b446ec8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:83
    ssl_security_level = os.getenv("SSL_SECURITY_LEVEL", litellm.ssl_security_level)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2590ee8bd99e1a62 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:89
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #816ddd260b94f68a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:193
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c8fc4baac7be8371 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:243
        response = await self.client.get(
            url, params=params, headers=headers, follow_redirects=_follow_redirects  # type: ignore
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4be5988796ed4c00 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:572
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRANSPORT", "False")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb4f6ab8cc447f29 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:633
        if str_to_bool(os.getenv("AIOHTTP_TRUST_ENV", "False")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8068725d3e641689 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:674
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e5809b7d5f230a78 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:712
        response = self.client.get(
            url, params=params, headers=headers, follow_redirects=_follow_redirects  # type: ignore
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #efc22470d0c0d158 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/custom_httpx/httpx_handler.py:33
        response = await self.client.get(url, params=params, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #71c892017aa56c3e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/custom_httpx/httpx_handler.py:44
            response = await self.client.post(
                url, data=data, params=params, headers=headers  # type: ignore
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6ffa54833cc30388 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/deprecated_providers/aleph_alpha.py:240
    response = litellm.module_level_client.post(
        completion_url,
        headers=headers,
        data=json.dumps(data),
        stream=optional_params["stream"] if "stream" in optional_params else False,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #eceeae300e062e54 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:31
        self.token_dir = os.getenv(
            "GITHUB_COPILOT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/github_copilot"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d62eaf81c93fce51 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:37
            os.getenv("GITHUB_COPILOT_ACCESS_TOKEN_FILE", "access-token"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fadb795e5ca5961f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:40
            self.token_dir, os.getenv("GITHUB_COPILOT_API_KEY_FILE", "api-key.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a892b53a18a2b2af Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:55
            with open(self.access_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17d07cf337226b58 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:69
                    with open(self.access_token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbd7e5871e3c03b1 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:94
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60215d9b408864e1 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:113
            with open(self.api_key_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2c86f39908dff1d Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:143
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #eb4362d0b82f0de0 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:169
                response = sync_client.get(GITHUB_API_KEY_URL, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fe5557965cccb0c5 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:235
            resp = sync_client.post(
                GITHUB_DEVICE_CODE_URL,
                headers=self._get_github_headers(),
                json={"client_id": GITHUB_CLIENT_ID, "scope": "read:user"},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0cd4449986ee2810 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:289
                resp = sync_client.post(
                    GITHUB_ACCESS_TOKEN_URL,
                    headers=self._get_github_headers(),
                    json={
                        "client_id": GITHUB_CLIENT_ID,
                        "device_code": device_code,
                        "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
                    },
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7348bb2c1fd0cedf Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:82
            base_url = os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7140d4e1d5f79583 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:102
        elif os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be672d5d439694cd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:103
            complete_url = str(os.getenv("HF_API_BASE")) or str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1083b128c2bf5894 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:104
                os.getenv("HUGGINGFACE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39ba3fefe7a3b051 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:76
    if os.getenv("HUGGINGFACE_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21794fa3329d9c80 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77
        headers["Authorization"] = f"Bearer {os.getenv('HUGGINGFACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #094262fb7d982a8a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
        response = httpx.get(path, headers=headers, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f9dcd8af9915d843 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:296
        response = await client.post(api_base, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #38e0bb342e20fb30 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:355
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8a9a6110d41a43d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:356
            embed_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5812f8a97ccd7a84 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:357
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f245e21fcedc519a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:358
            embed_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4f7b6c657c0b9666 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:403
        response = client.post(embed_url, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #efee34e9006124ab Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:164
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69f50d63568041dd Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:178
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21fb41442699243d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:343
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c31e632a9bcf00d8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:344
            completion_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50d14622dcd8f386 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:345
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1aa531d6091488ce Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:346
            completion_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04a9e61ab4ac9512 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:55
        elif os.getenv("HF_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2640ac142b0a59c4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:56
            return os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dbcc0b46ba20d17 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:57
        elif os.getenv("HUGGINGFACE_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f715f9aa4f33a3e5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:58
            return os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #bf3ac62c862b443e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/nlp_cloud/chat/handler.py:77
    response = client.post(
        completion_url,
        headers=headers,
        data=json.dumps(data),
        stream=optional_params["stream"] if "stream" in optional_params else False,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #fba4dc48fc6e0ee5 Filesystem access.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:98
        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f1a3cd9bc21a0988 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:563
            response = client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a94a910bdca6f351 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:608
            response = await client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b6c2babb390a4870 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/ollama/common_utils.py:78
            resp = httpx.get(f"{base}/api/tags")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #87faee61e1bcaddb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/ollama_chat.py:374
            resp = await session.post(**_request)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #df18fe8deb97172a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oobabooga/chat/oobabooga.py:65
    response = client.post(
        completion_url,
        headers=headers,
        data=json.dumps(data),
        stream=optional_params["stream"] if "stream" in optional_params else False,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #495f5e18f2a6fee7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oobabooga/chat/oobabooga.py:129
    response = litellm.module_level_client.post(
        embeddings_url, headers=headers, json=data
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #528decb7706eda05 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/chat/handler.py:40
    response = await client.post(
        api_base, headers=headers, data=data, stream=not fake_stream
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a404e3d1042adfcb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/chat/handler.py:81
    response = client.post(
        api_base, headers=headers, data=data, stream=not fake_stream, timeout=timeout
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bd359385681a70e4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/chat/handler.py:187
            response = await client.post(
                api_base, headers=headers, data=json.dumps(data), timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bd697379b93a9d87 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/embedding/handler.py:47
                response = await async_client.post(
                    api_base,
                    headers=headers,
                    data=json.dumps(data),
                )  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9d009c9678824245 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/embedding/handler.py:126
            response = self.client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
            )  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #094a0512d0b28322 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/petals/completion/handler.py:69
        response = client.post(api_base, data=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1934194f634798eb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/predibase/chat/handler.py:40
    response = await client.post(
        api_base, headers=headers, data=data, stream=True, timeout=timeout
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c994c835fa4e0cdc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/handler.py:254
        elif "PREDIBASE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b6bfbae97639133 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/handler.py:255
            base_url = os.getenv("PREDIBASE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d6f0e1800f1e51b8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/predibase/chat/handler.py:344
            response = litellm.module_level_client.post(
                completion_url,
                headers=headers,
                data=json.dumps(data),
                stream=stream,
                timeout=timeout,  # type: ignore
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0c582cbd6a7adc9d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/replicate/chat/handler.py:36
        response = http_client.get(prediction_url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a06dd18570dca397 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/replicate/chat/handler.py:87
        response = await http_client.get(prediction_url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1f2df9d9c7cc0e98 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/sagemaker/chat/transformation.py:138
            response = client.post(
                api_base,
                headers=headers,
                data=signed_json_body if signed_json_body is not None else data,
                stream=True,
                logging_obj=logging_obj,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2df200839b01d92a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/sagemaker/chat/transformation.py:188
            response = await client.post(
                api_base,
                headers=headers,
                data=signed_json_body if signed_json_body is not None else data,
                stream=True,
                logging_obj=logging_obj,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ab20e3e4b3fffe47 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:370
            response = await client.post(
                api_base,
                headers=headers,
                data=data,
                stream=True,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2d7328cdb6e665fa Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/together_ai/rerank/handler.py:51
        response = client.post(
            "https://api.together.xyz/v1/rerank",
            headers={
                "accept": "application/json",
                "content-type": "application/json",
                "authorization": f"Bearer {api_key}",
            },
            json=request_data_dict,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #909fd5509db50203 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/together_ai/rerank/handler.py:77
        response = await client.post(
            "https://api.together.xyz/v1/rerank",
            headers={
                "accept": "application/json",
                "content-type": "application/json",
                "authorization": f"Bearer {api_key}",
            },
            json=request_data_dict,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #aaf1b26a4ffd47a5 Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:95
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b90c84704b4d192 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:165
        bucket_name = litellm_params.get("bucket_name") or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #666d71a95c2ff45b Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:449
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0f7ba92ec4074d84 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/gemini/vertex_and_google_ai_studio_gemini.py:1535
        response = await client.post(api_base, headers=headers, data=data, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #37465d3aade1e550 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/gemini/vertex_and_google_ai_studio_gemini.py:1582
    response = client.post(api_base, headers=headers, data=data, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e7f6df7553fe7663 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/gemini/vertex_and_google_ai_studio_gemini.py:1780
            response = await client.post(
                api_base, headers=headers, json=cast(dict, request_body)
            )  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0a745e2ddde5fa68 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/multimodal_embeddings/embedding_handler.py:171
            response = await client.post(api_base, headers=headers, json=data)  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #05df4df759faeed1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_ai_non_gemini.py:157
                f"VERTEX AI: creds={creds}; google application credentials: {os.getenv('GOOGLE_APPLICATION_CREDENTIALS')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #dbfa6a00acd4fcd0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_embeddings/embedding_handler.py:204
            response = await client.post(api_base, headers=headers, json=vertex_request)  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #313a22acf659b5c9 Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_llm_base.py:66
                        json_obj = json.load(open(credentials))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6c7dcdb0c944b22 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2165
                or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3521291a907352ff Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2210
                or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e4eeb362208d2ce Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2466
                or os.environ.get("HF_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17da99c73cacbb83 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2467
                or os.environ.get("HUGGINGFACE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #658690776283ef97 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2535
                or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5285aefdeea13357 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3283
                or os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d187964e1b8b8822 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/main.py:3491
            resp = litellm.module_level_client.post(
                url,
                headers=headers,
                json={
                    "model": model,
                    "params": {
                        "prompt": [prompt],
                        "max_tokens": max_tokens,
                        "temperature": temperature,
                        "top_p": top_p,
                        "top_k": kwargs.get("top_k"),
                    },
                    **kwargs.get("extra_body", {}),
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4e4ee1ae0b18ce0d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:13
MCP_TOOL_PREFIX_SEPARATOR = os.environ.get("MCP_TOOL_PREFIX_SEPARATOR", "-")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #557b5349e0e67e77 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_logging.py:11
log_level = os.getenv("LITELLM_LOG", "INFO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d5ae3352ecee814 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:464
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4e232fb4685ef49 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:465
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32dc3983d1431f19 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:466
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06e894955040785c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:402
        keys_url = os.getenv("JWT_PUBLIC_KEY_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d46c938be8604fd2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:489
        audience = os.getenv("JWT_AUDIENCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e64987a8ab18a06c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:28
        self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50dd35d955fa20af Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:45
                with open(_path_to_public_key, "rb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #310f84b622d97b67 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:109
                self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc0474a4956cbe28 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:37
    token_info_endpoint = os.getenv("OAUTH_TOKEN_INFO_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d51369776b15e4eb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:38
    user_id_field_name = os.environ.get("OAUTH_USER_ID_FIELD_NAME", "sub")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ef5d735eb485872 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:39
    user_role_field_name = os.environ.get("OAUTH_USER_ROLE_FIELD_NAME", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d841cf5a90b38f72 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:40
    user_team_id_field_name = os.environ.get("OAUTH_USER_TEAM_ID_FIELD_NAME", "team_id")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #109a472bfab6af02 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:49
        response = await client.get(token_info_endpoint, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0c548c8beb555164 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:80
            oidc_token = open(aws_web_identity_token).read()  # check if filepath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5080c5afcf75715d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:169
            aws_region_name=os.getenv("AWS_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35b269625ac5dbb6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:170
            aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #225a10e006607613 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:171
            aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a028f9681b4edf46 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:172
            aws_session_name=os.getenv("AWS_SESSION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #068055c07077a467 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:173
            aws_profile_name=os.getenv("AWS_PROFILE_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9adf0301076e2eb3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:174
            aws_role_name=os.getenv("AWS_ROLE_NAME", os.getenv("AWS_ROLE_ARN")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7b7fca25153b9ee Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:175
            aws_web_identity_token=os.getenv(
                "AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ccaa27e6797a960 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:176
                "AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65a5e414b15193e0 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:22
    with open(token_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #431693d3d1772835 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:34
        with open(token_file, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #57e76e957970b31c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:90
                response = requests.get(poll_url, timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ff4f2feac30455c0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/credentials.py:115
    response = client.get(credential_name)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #36a9a68ede6c9df1 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/models.py:364
    with open(yaml_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0ac80201d81fed81 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/users.py:20
        response = requests.get(url, headers=self._get_headers(), params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2bee73f16828c930 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/users.py:30
        response = requests.get(url, headers=self._get_headers(), params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8472df064a7a1651 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/users.py:41
        response = requests.post(url, headers=self._get_headers(), json=user_data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f6c63f5c6a19e25c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/users.py:50
        response = requests.post(url, headers=self._get_headers(), json={"user_ids": user_ids})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #00f2aea72e7fa4e5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:52
if os.environ.get("LITELLM_PROFILE", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efb193820bacce2a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:246
            litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf41323de3b10082 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/encrypt_decrypt_utils.py:11
    salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17fbbf87a4d44b4c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:3
url_to_redirect_to = os.getenv("PROXY_BASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78a1a44a31e6d232 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:4
server_root_path = os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d5dd0dea68975d1 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:111
        with open(local_file_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e482ffb2f4fe6338 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:158
        with open(local_file_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dce307df1398417 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/check_migration.py:95
        db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e9bf990d596db94 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/db_spend_update_writer.py:332
        spend_logs_url: Optional[str] = os.getenv("SPEND_LOGS_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac920557ad4997b8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:69
        os.environ["AWS_ACCESS_KEY_ID"] = aws_access_key_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #266a9790569cbf37 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:70
        os.environ["AWS_SECRET_ACCESS_KEY"] = aws_secret_access_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #580191a0bb09c942 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:71
        os.environ["AWS_SESSION_TOKEN"] = aws_session_token

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7d4859646570460 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:67
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #116358205cf43d4d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:68
            db_port = os.getenv("DATABASE_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ab67d1cfbbb4690 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:69
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5a32753e418051b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:70
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b57bd4e4e353896 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:71
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cdf4ae41e836d5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:82
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fb37a4edb2e1799 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:106
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a87d8f65b1e5e84 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:204
        disable_updates = os.getenv("DISABLE_SCHEMA_UPDATE", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50cc3127dba6eae8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/example_config_yaml/custom_auth.py:10
        modified_master_key = f"{os.getenv('LITELLM_MASTER_KEY')}-1234"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25cdd81ed6605b3b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:48
        self.api_key = api_key or os.environ.get("AIM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d62ff046c438efc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:56
            api_base or os.environ.get("AIM_API_BASE") or "https://api.aim.security"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0747f2a1689988b3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:48
        self.aporia_api_key = api_key or os.environ["APORIO_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91ceb96cbce8a471 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:49
        self.aporia_api_base = api_base or os.environ["APORIO_API_BASE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6dae4e9b2e57662 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/guardrails_ai/guardrails_ai.py:74
            api_base or os.getenv("GUARDRAILS_AI_API_BASE") or "http://0.0.0.0:8000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0827a530e718bd96 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai.py:62
        self.lakera_api_key = api_key or os.environ["LAKERA_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ef06ab077555c80 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai_v2.py:53
        self.lakera_api_key = api_key or os.environ["LAKERA_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9965116fe48265d8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:52
        self.lasso_api_key = lasso_api_key or api_key or os.environ.get("LASSO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10614ae507bb872b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:53
        self.user_id = user_id or os.environ.get("LASSO_USER_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0653e31b91cd05c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:54
        self.conversation_id = conversation_id or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2442a55a35002bb6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:54
        self.conversation_id = conversation_id or os.environ.get(
            "LASSO_CONVERSATION_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e033cbbb2590f86b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:66
            api_base or os.getenv("LASSO_API_BASE") or "https://server.lasso.security"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0802cd4a5cbe9e0b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:143
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21bfaaeeb7d24e93 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:144
        self.api_base = api_base or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f66ba50203ee6622 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:144
        self.api_base = api_base or os.environ.get(
            "NOMA_API_BASE", NomaGuardrail._DEFAULT_API_BASE
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f221dd291d4bd919 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:147
        self.application_id = application_id or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ce28458f2d909c7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:147
        self.application_id = application_id or os.environ.get(
            "NOMA_APPLICATION_ID", "litellm"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a62623db0c45845a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:153
                os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78ce2030948ca697 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:160
                os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3805159d5280d030 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/openai/moderations.py:101
            os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9dfdb8fd81ff41b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:78
        self.api_key = api_key or os.environ.get("PANGEA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d32688ad4a72043f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:87
            or os.environ.get("PANGEA_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c56fc35fa73be5bd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:59
        self.api_key = api_key or os.getenv("PANW_PRISMA_AIRS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7562a40839b7704a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:62
            or os.getenv("PANW_PRISMA_AIRS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c5da05cc6c23a26d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:168
            response = await async_client.post(
                f"{self.api_base}/v1/scan/sync/request",
                headers=headers,
                json=payload,
                timeout=10.0,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #077f6baa3f72efd2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:87
        self.api_key = api_key or os.environ.get("PILLAR_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19c010f2be7c000a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:96
        self.api_base = api_base or os.getenv("PILLAR_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9333abf823725934 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:99
        action = on_flagged_action or os.environ.get("PILLAR_ON_FLAGGED_ACTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aa66f9af3ad1cc8 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:94
                with open(ad_hoc_recognizers, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d529cd20de004703 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:222
                async with session.post(analyze_url, json=analyze_payload) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f7c300396e0469d3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:252
                async with session.post(
                    anonymize_url, json=anonymize_payload
                ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #6fd7cf0292fffaa4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/health_endpoints/_health_endpoints.py:268
                user_email=os.getenv("TEST_EMAIL_ADDRESS"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d91b2a511838a7d4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/__init__.py:25
if os.getenv("EXPERIMENTAL_MULTI_INSTANCE_RATE_LIMITING", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b9f50af516f5b0e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter.py:113
                if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ff459e09ce4c436 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:115
        self.window_size = int(os.getenv("LITELLM_RATE_LIMIT_WINDOW_SIZE", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3425714b6ede4be1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:94
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b65b5abb0a4aa96f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:95
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ee99fe8676e588f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:96
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #757be00a92e05744 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:99
    _disable_ui_flag = os.getenv("DISABLE_ADMIN_UI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #864e3aa9960d43b4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:134
    ui_username = os.getenv("UI_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50e8d754c64902e0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:197
    generic_user_id_attribute_name = os.getenv(
        "GENERIC_USER_ID_ATTRIBUTE", "preferred_username"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ca0dfde012027f3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:200
    generic_user_display_name_attribute_name = os.getenv(
        "GENERIC_USER_DISPLAY_NAME_ATTRIBUTE", "sub"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11813654d38fb7b3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:203
    generic_user_email_attribute_name = os.getenv(
        "GENERIC_USER_EMAIL_ATTRIBUTE", "email"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db1e628bf6438447 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:207
    generic_user_first_name_attribute_name = os.getenv(
        "GENERIC_USER_FIRST_NAME_ATTRIBUTE", "first_name"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d457e3f6e6f4f283 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:210
    generic_user_last_name_attribute_name = os.getenv(
        "GENERIC_USER_LAST_NAME_ATTRIBUTE", "last_name"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21bd1ccdfd8e0bfd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:214
    generic_provider_attribute_name = os.getenv(
        "GENERIC_USER_PROVIDER_ATTRIBUTE", "provider"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5234255ef15fd29d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:254
    generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90bfeb6fd2a873de Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:255
    generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(" ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ba470272eec334e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:256
    generic_authorization_endpoint = os.getenv("GENERIC_AUTHORIZATION_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77d81063ce0ba8df Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:257
    generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef52a2ac52e5a8d6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:258
    generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fe7320d341e7da6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:260
        os.getenv("GENERIC_INCLUDE_CLIENT_ID", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #988aac28e88be3d0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:325
    additional_generic_sso_headers = os.getenv(
        "GENERIC_SSO_HEADERS", None
    )  # Comma-separated list of headers to add to the request - e.g. Authorization=Bearer <token>, Content-Type=application/json, etc.

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c47e1b008b9b167e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:525
    proxy_admin_id = os.getenv("PROXY_ADMIN_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7ad31b6e92def3c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:585
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb5355beb94314f8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:586
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2579ce8b04ef2fb3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:587
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80033f316ea9e535 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:796
    _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bd9eb1185542188 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:797
    _logout_url = os.getenv("PROXY_LOGOUT_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c4616002ff4ee19 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:804
    if "PROXY_DEFAULT_TEAM_DISABLED" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a757692f763a19ff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:805
        if os.environ["PROXY_DEFAULT_TEAM_DISABLED"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #312e76f39f77cc5d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:849
            google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6773da04f92761e6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:871
            microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a9abb9c6d289e8f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:872
            microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90cb2ea5226f9e1f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:893
            generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b13ea137b461d3b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:894
            generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7b480852d640c7b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:897
            generic_authorization_endpoint = os.getenv(
                "GENERIC_AUTHORIZATION_ENDPOINT", None
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed22913a81ee15cb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:900
            generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b420ff965740f2e8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:901
            generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5134653b0393b562 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:955
                state = os.getenv("GENERIC_CLIENT_STATE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7eb0163f4e55d0d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1230
        if user_email is not None and os.getenv("ALLOWED_EMAIL_DOMAINS") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bc5bb8ffb72a5bf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1232
            allowed_domains = os.getenv("ALLOWED_EMAIL_DOMAINS").split(",")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f72c2f0fd866331 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1245
            generic_user_role_attribute_name = os.getenv(
                "GENERIC_USER_ROLE_ATTRIBUTE", "role"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15b00bd3e004d080 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1446
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54d44fb1b3a71b0e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1447
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc0f35efdfc3a36b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1531
            service_principal_id = os.getenv("MICROSOFT_SERVICE_PRINCIPAL_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #616f4cb096d1cfc5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1598
        response = await async_client.get(url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4096fcea604ed1b2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1664
        response = await async_client.get(url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #63c52b54566c10d7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1735
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e46790317dc1b82 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1772
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17f52bc17c1dd6c3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1773
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #436f5032a109448d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1774
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #990846e00689708d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1846
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c7b386a7f8eb26a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1847
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e052c9d5a07872b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1848
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bcc5b40ac8a6264 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1850
    redirect_url = os.getenv("PROXY_BASE_URL", str(request.base_url))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9dfdd39ea67460f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:175
    base_target_url = os.getenv("GEMINI_API_BASE") or "https://generativelanguage.googleapis.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a9012fbe3166b5d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:234
    base_target_url = os.getenv("COHERE_API_BASE") or "https://api.cohere.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1c89fef7e03c90e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:363
    base_target_url = os.getenv("MISTRAL_API_BASE") or "https://api.mistral.ai"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9195fe0c53b38212 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:430
    base_target_url = os.getenv("ANTHROPIC_API_BASE") or "https://api.anthropic.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #458c803d5b0cbff3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:1026
    base_target_url = os.getenv("OPENAI_API_BASE") or "https://api.openai.com/"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #723c718512238b09 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_provider_handlers/assembly_passthrough_logging_handler.py:212
            response = httpx.get(url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #02bc8b80af3359a6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:24
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e04c42672d0138c4 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:280
            with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e83a7ea1f017883f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:606
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60ea5169ec69001e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:607
            db_port = os.getenv("DATABASE_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d1e06d3929dea4c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:608
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32fed7de7fc15da2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:609
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5865e92c7dec3ee1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:610
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09069e2e26c23ed1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:621
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b12136a61405694 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:622
            os.environ["IAM_TOKEN_DB_AUTH"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2188c964b389c862 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:629
            os.getenv("USE_AWS_KMS", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21b41ae0e5fa68e0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:630
            and os.getenv("USE_AWS_KMS") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2aeacaa9dd2ef847 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:636
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35b6c135d4433854 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:687
            if database_url is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4fc1915e383c2ff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:693
                    os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7829443b6f2264f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:714
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62671c52569d3cf0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:717
        if config is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #522e364ca32959d9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:723
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d18b316fd312fe2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:735
            os.getenv("DATABASE_URL", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e312fa0011f19a9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:736
            or os.getenv("DIRECT_URL", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57b1628a2b3e997e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:741
                if os.getenv("DATABASE_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed133907b9c2e159 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:749
                    os.environ["DATABASE_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #488f110048aea73f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:750
                if os.getenv("DIRECT_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #205527f8944058d1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:756
                    database_url = os.getenv("DIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f77ebf04a62fcbde Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:758
                    os.environ["DIRECT_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2858fbfe93fca9d2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:453
server_root_path = os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58f268e76f18dbee Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:459
global_max_parallel_request_retries_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRIES"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6e132dbbab605c3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:469
global_max_parallel_request_retry_timeout_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRY_TIMEOUT"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91484e31d8e581ff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:491
_title = os.getenv("DOCS_TITLE", "LiteLLM API") if premium_user else "LiteLLM API"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1318708daa6d11e2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:493
    os.getenv(
        "DOCS_DESCRIPTION",
        f"Enterprise Edition \n\nProxy Server to call 100+ LLMs in the OpenAI format. {custom_swagger_message}\n\n{ui_message}",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a694e6f20e682705 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:596
        elif os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None and isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e2f408cc8d71a1c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:767
if os.getenv("DOCS_FILTERED", "False") == "True" and premium_user:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0a955a6041b195f Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:830
                    with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bbf0a2bf48ec142 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:845
                    with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd08b753db7344d6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1064
        KVUri = os.getenv("AZURE_KEY_VAULT_URI", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c17c5fd8570ae0d0 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1344
        with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2e1895552c0e69b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1417
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8de51a1d4cf6447a Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1440
            with open(f"{file_path}", "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09b222a7c566fc6b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1521
            with open(f"{user_config_file_path}", "w") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0090608a81c58b3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1634
        if os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca64b4b97634c307 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1635
            bucket_name = os.environ.get("LITELLM_CONFIG_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #749cfe28fc4f4ed7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1636
            object_key = os.environ.get("LITELLM_CONFIG_BUCKET_OBJECT_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88a04c71f532e1f4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1637
            bucket_type = os.environ.get("LITELLM_CONFIG_BUCKET_TYPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0d24b9380bf69a6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1719
                        os.environ[key] = resolved_secret_string

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5734577807441dcc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1728
                    os.environ[key] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ece01192d86b7a51 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1732
                _license_check.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34e98a965398f9a0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2169
                    v = os.getenv(_v)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4f5b1c158fb45fe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2652
                    os.environ[k] = decrypted_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbb0764d2b97caf7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3236
    os.environ["WORKER_CONFIG"] = json.dumps(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e41ae92ab3d47e9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3262
    if os.getenv("LITELLM_DONT_SHOW_FEEDBACK_BOX", "").lower() != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #357de1ccbf657b74 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3293
        litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #009709207911b030 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3333
        os.environ["AZURE_API_VERSION"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a74c71bbb27406a5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3736
            if os.getenv("PROMETHEUS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fba8ce5e5a8d2d7f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7505
    ui_username = os.getenv("UI_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7652e130d83fbae3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7540
    ui_username = os.getenv("UI_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1108f2eaf34f7679 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7541
    ui_password = os.getenv("UI_PASSWORD", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1cc01507e3e2578 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7587
            os.getenv("PROXY_ADMIN_ID", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5d9cc2b7a65af82 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7588
            and os.environ["PROXY_ADMIN_ID"] == user_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #952a6939363a965e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7591
            key_user_id = os.getenv("PROXY_ADMIN_ID", litellm_proxy_admin_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37b1c1bb8e2f3f35 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7602
        if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25d10a0b10da0370 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7706
            if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e9cf9329c61a369 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7977
    logo_path = os.getenv("UI_LOGO_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b2bbdfd8dee931d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7989
    logo_path = os.getenv("UI_LOGO_PATH", default_logo)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #96216496c1f49fad Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7996
        response = client.get(logo_path)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0d7cf1a398b35720 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:8000
            with open(cache_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f92d90a535a4ca74 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:8942
                    _value = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a776f55574f2ece4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_management_endpoints.py:2159
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #103eba23f22bfaff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:410
        return environment_variables.get(env_var_name) or os.getenv(env_var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2de5291a6ca4c74d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:510
            os.environ[env_var_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3ce7e2dcd95649d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:597
        os.environ["UI_LOGO_PATH"] = logo_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73c3b1da295bda52 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:604
        if "UI_LOGO_PATH" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8231ca804718fc71 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:605
            del os.environ["UI_LOGO_PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #868257142c978acf Filesystem access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:668
    with open(file_path, "wb") as buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf709f30bb643cfd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:1095
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #febb08303d7d70b4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:1593
            os.getenv("IAM_TOKEN_DB_AUTH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5095db6d42dcfa5b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:1716
            pg_schema = os.getenv("DATABASE_SCHEMA", "public")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63a03f905fe7476f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3043
    smtp_host = os.getenv("SMTP_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccc020e2b1a7dba7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3044
    smtp_port = int(os.getenv("SMTP_PORT", "587"))  # default to port 587

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70ef391e604b496c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3045
    smtp_username = os.getenv("SMTP_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dbf83be2af98114 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3046
    smtp_password = os.getenv("SMTP_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2ee5b22970d9f9d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3047
    sender_email = os.getenv("SMTP_SENDER_EMAIL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b28651f6888cc3b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3078
            if os.getenv("SMTP_TLS", "True") != "False":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d0e4be77e1fb73e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3185
                    base_url = os.getenv("SPEND_LOGS_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #108631b596038ffe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3495
    if redoc_url := os.getenv("REDOC_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cdebef11688fcb5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3498
    if str_to_bool(os.getenv("NO_REDOC")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce459e4a44bd05ab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3512
    if docs_url := os.getenv("DOCS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64993c3223df67d7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3515
    if str_to_bool(os.getenv("NO_DOCS")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #241d635839ab9d64 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3617
    return os.getenv("PROXY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f7f16cc82b6eacc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3627
    return os.getenv("SERVER_ROOT_PATH", "/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ba7b9f830873223 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3669
    database_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #703a475773171fa7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3670
    database_username = os.getenv("DATABASE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c369c8a6c7173d87 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3671
    database_password = os.getenv("DATABASE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c42993dd079f547 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3672
    database_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24d4d5b9a01e62ab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3724
            anthropic_api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c8064e87e52905f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/vertex_ai_endpoints/langfuse_endpoints.py:95
        or os.getenv("LANGFUSE_HOST", "https://cloud.langfuse.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f86058e84927c163 Environment-variable access.
pkgs/python/[email protected]/litellm/router.py:5181
                    params[param_key] = os.environ.get(env_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c5e95f228798cc6 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:22
    if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba3a164945e844a2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:35
        kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f510d4fc4d7ceded Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:56
        if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cb999f33be91210 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:62
        if os.getenv("LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bc4f949285c6f07 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:64
        elif os.getenv("LITELLM_SECRET_AWS_KMS_LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db0a20f0dc457f70 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:80
            kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebe603d32ef127fd Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:89
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ebc34e11fd8cb72 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:132
    for k, v in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25dd5977ed6e5a54 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:42
        if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60d2e72de9c50352 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:127
            return os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b74524370cf27124 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:40
            os.environ.get("AZURE_SCOPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06550cfa65d6e76c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:46
        or os.environ.get("AZURE_CREDENTIAL", AzureCredentialType.ClientSecretCredential)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca54e5a3e8d38087 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:60
            client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8147e4c782db659 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:61
            client_secret=os.environ["AZURE_CLIENT_SECRET"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31345c7b173b1aa7 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:62
            tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21198085f8f40325 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:65
        credential = ManagedIdentityCredential(client_id=os.environ["AZURE_CLIENT_ID"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d488e3a52475229 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:67
        if os.getenv("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eddbf5aff4ab0f7 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:69
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4831ff1fd2563dd Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:70
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #409d8d8709c1bd53 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:71
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e32ebb1e91eb0c85 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:72
                password=os.environ["AZURE_CERTIFICATE_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a153c4a337e92b0 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:76
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00b089d912c48a4b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:77
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2fa439ebc39f5fc Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:78
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfc00e59d23bf605 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:19
    if "GOOGLE_APPLICATION_CREDENTIALS" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eedbc60f8da2504 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:23
    if "GOOGLE_KMS_RESOURCE_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2378a1e19b2cfe27 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:41
        litellm._google_kms_resource_name = os.getenv("GOOGLE_KMS_RESOURCE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #530eb51a3b184593 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:32
        self.PROJECT_ID = os.environ.get("GOOGLE_SECRET_MANAGER_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9bb61c607513b60 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d100a82de0bd589 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get(
            "GOOGLE_SECRET_MANAGER_REFRESH_INTERVAL", refresh_interval
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #173558b9bce6810a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:50
        _always_read_secret_manager = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdb577d8848801c3 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:50
        _always_read_secret_manager = os.environ.get(
            "GOOGLE_SECRET_MANAGER_ALWAYS_READ_SECRET_MANAGER",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0678ce7ce6b39029 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:25
        self.vault_addr = os.getenv("HCP_VAULT_ADDR", "http://127.0.0.1:8200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d5f36a3f4716647 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:26
        self.vault_token = os.getenv("HCP_VAULT_TOKEN", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb2c6c16f5e67278 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:28
        self.vault_namespace = os.getenv("HCP_VAULT_NAMESPACE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df62e491ece8d214 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:31
        self.tls_cert_path = os.getenv("HCP_VAULT_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ac87ec0eba0a566 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:32
        self.tls_key_path = os.getenv("HCP_VAULT_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #222cc98cbe66835d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:33
        self.vault_cert_role = os.getenv("HCP_VAULT_CERT_ROLE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70cc217eb6fe1f66 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:43
        _refresh_interval = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23e3dd9122db3dbe Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:43
        _refresh_interval = os.environ.get(
            "HCP_VAULT_REFRESH_INTERVAL", SECRET_MANAGER_REFRESH_INTERVAL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #9ad24faab84a2953 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:101
            resp = client.post(
                login_url,
                headers=headers,
                json=self._get_tls_cert_auth_body(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4326793657b82e15 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:154
            response = await async_client.get(url, headers=self._get_request_headers())

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cf9ba5095f8aef52 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:185
            response = sync_client.get(url, headers=self._get_request_headers())

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6afbe11ae28de335 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/main.py:117
            response = oidc_client.get(
                "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity",
                params={"audience": oidc_aud},
                headers={"Metadata-Flavor": "Google"},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b54e42840af5e61d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:130
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2946e22c0cf2203d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:136
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN_V2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49d9e0cfde28b2a8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:142
            actions_id_token_request_url = os.getenv("ACTIONS_ID_TOKEN_REQUEST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e8075ef5e117e88 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:143
            actions_id_token_request_token = os.getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4d522159ecea1063 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/main.py:154
            response = oidc_client.get(
                actions_id_token_request_url,
                params={"audience": oidc_aud},
                headers={
                    "Authorization": f"Bearer {actions_id_token_request_token}",
                    "Accept": "application/json; api-version=2.0",
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c370a55a0ec3eb01 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:170
            azure_federated_token_file = os.getenv("AZURE_FEDERATED_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43173088accde4fc Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:185
            with open(azure_federated_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1652c537bba3157d Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:190
            with open(oidc_aud, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4684262dc9ba1d4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:195
            oidc_token = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d66fb617c1ecf48 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:201
            token_file_path = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf009d18e15a76e8 Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:204
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e592148b851a809f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:235
                    encrypted_secret: Any = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0bf15cdcd24ba76 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:257
                    encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8f3d5a952cee5ef Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:302
                    secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fe0b313bd2887cf Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:309
                secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3c6b35bf00266f7 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:320
            secret = os.environ.get(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10751a07cff351e2 Environment-variable access.
pkgs/python/[email protected]/litellm/types/integrations/slack_alerting.py:51
            os.getenv(
                "SLACK_DAILY_REPORT_FREQUENCY",
                int(SlackAlertingArgsEnum.daily_report_frequency.value),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8f84c4e95660b3eb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/utils.py:4441
            response = litellm.module_level_client.get(config_url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f31148d45e3d2a9a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/utils.py:4626
        response = litellm.module_level_client.get(config_url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a62e186c988535ce Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5216
    no_proxy = os.getenv("NO_PROXY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #555b45b200a9995d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5268
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6eb47ff1c69e389 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5274
                "AZURE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #680312344be9983a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5275
                and "AZURE_API_VERSION" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34f12c36bcc2e605 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5276
                and "AZURE_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f833775f9601b6c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5284
            if "ANTHROPIC_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fa175da09ed8b6b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5289
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96b23c21f9c2f2a1 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5294
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #437d98ac16a19a66 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5299
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90aa8c723c4d2166 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5304
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #381c6cce0ae7ff9d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5309
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a61f9f9cfcb5398d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5314
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #896d58d69f6683c5 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5319
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e75da1ad960192f4 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5324
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f4f10a39878171e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5329
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0a5e1e9042a894e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5334
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53b11c561a309a49 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5339
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f25b329d37864f04 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5344
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24d2814433a62ad0 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5350
                "AWS_ACCESS_KEY_ID" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b50cc62291dfc885 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5351
                and "AWS_SECRET_ACCESS_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b3f59722f36e354 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5358
            if "OLLAMA_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e95ca8f5795adc82 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5363
            if "ANYSCALE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #996bbfc4ab2b4142 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5368
            if "DEEPINFRA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53fa888fed407b41 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5373
            if "FEATHERLESS_AI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc7e8ee05d1fd375 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5378
            if ("GOOGLE_API_KEY" in os.environ) or ("GEMINI_API_KEY" in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afc22de45b2da9b3 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5384
            if "GROQ_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90a0464e7630c897 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5389
            if "NVIDIA_NIM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bef44f5410c6d1d7 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5394
            if "CEREBRAS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4a22920d06f9359 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5399
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b0959f52747acee Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5404
            if "XAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68f39e9603e45cb7 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5409
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee583f7519412853 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5414
            if "VOLCENGINE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8574f9da978c4efe Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5422
            if "CODESTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81bd8d411a592d06 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5427
            if "DEEPSEEK_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47a2a5c3d8f058d1 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5432
            if "MISTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7f039eddf41746c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5437
            if "PALM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e56476fa8c0930aa Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5442
            if "PERPLEXITYAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58fce4f6562bd31a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5447
            if "VOYAGE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03b40d1f18be6885 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5452
            if "INFINITY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4b9fff1a51da26e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5458
                "FIREWORKS_AI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66ab2832cadf68c7 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5459
                or "FIREWORKS_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17f1d401df7d6dd9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5460
                or "FIREWORKSAI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8572808aa0354e9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5461
                or "FIREWORKS_AI_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79da1ca31f7e59e6 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5467
            if "CLOUDFLARE_API_KEY" in os.environ and (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a95013b842176cff Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5468
                "CLOUDFLARE_ACCOUNT_ID" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0c05c381054f7a4 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5469
                or "CLOUDFLARE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bfa666bf17697a6 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5476
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #293c7e994275a681 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5481
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cabd898c8164e60 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5486
            if "DASHSCOPE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c48dbe4ce13123d5 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5491
            if "MOONSHOT_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d39e9ce4e7aeb1fa Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5503
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54dfd2997b5d019b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5509
            if "ANTHROPIC_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #069be672269029e2 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5515
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3a50ab60eb9f8fd Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5521
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ddb61f664cf7130 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5527
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8cbb1c42ff9a203 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5533
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #576e4acb1c57c941 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5539
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4cd71fec5d10129 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5549
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57a9e0f55b9d563f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5555
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a112910e988b317 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5561
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1564b0a76331324 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5567
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #950dc974d4ccc58c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5573
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e465c785868ab23 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5579
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71be2b43af70a585 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5585
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a14c1c7d48b8fbb0 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5590
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f60ff69b9fa6bbb7 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:5595
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6977ce56fd195f2e Filesystem access.
pkgs/python/[email protected]/litellm/utils.py:5971
        with open(config_path, "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef662562254f007e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6248
            for k, v in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bd1db3be286d468 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6312
    environ_keys = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mcp

python dependency
medium pii_flow dependency Excluded from app score #e6dda08ea02a59b9 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452 · flow /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 → /tmp/closeopen-rw5qdvyn/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
        return httpx.Request("POST", token_url, data=refresh_data, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 39 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #1cc9b9cf3bf7007f Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:72
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #e46608d3827ea15e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/.github/actions/conformance/client.py:118
            response = await client.get(
                authorization_url,
                follow_redirects=False,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #643f1ea4dcb5a3ac Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:281
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0040da9598848cb0 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:349
    scenario = os.environ.get("MCP_CONFORMANCE_SCENARIO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0ba3d3e1b9595719 Environment-variable access.
pkgs/python/[email protected]/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py:50
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #847b8943e499c7a4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py:113
            response = await client.get(
                authorization_url,
                follow_redirects=False,  # Don't follow redirects automatically
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #206741e32cc34a7b Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:343
    server_url = os.getenv("MCP_SERVER_PORT", 8000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #88229111fb3c168f Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:344
    transport_type = os.getenv("MCP_TRANSPORT_TYPE", "streamable-http")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c45bde18e09d00fb Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:345
    client_metadata_url = os.getenv("MCP_CLIENT_METADATA_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7bfca368a246cd0d Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:24
        self.api_key = os.getenv("LLM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #26601c39a1f1354b Filesystem access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:45
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d86e8af8078ea379 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:83
            env={**os.environ, **self.config["env"]} if self.config.get("env") else None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #d41bd0b4100c1eae Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:251
                response = client.post(url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #85e1d98fdbf8e446 Filesystem access.
pkgs/python/[email protected]/examples/fastmcp/icons_demo.py:14
icon_data = base64.standard_b64encode(icon_path.read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #eb66c320fe129e21 Environment-variable access.
pkgs/python/[email protected]/examples/fastmcp/memory.py:52
PROFILE_DIR = (Path.home() / ".fastmcp" / os.environ.get("USER", "anon") / "memory").resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #23a98f1651a9b3bb Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/fastmcp/text_me.py:49
        response = client.post(
            "https://api.surgemsg.com/messages",
            headers={
                "Authorization": f"Bearer {surge_settings.api_key}",
                "Surge-Account": surge_settings.account_id,
                "Content-Type": "application/json",
            },
            json={
                "body": text_content,
                "conversation": {
                    "contact": {
                        "first_name": surge_settings.my_first_name,
                        "last_name": surge_settings.my_last_name,
                        "phone_number": surge_settings.my_phone_number,
                    }
                },
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #7994f7e841018bcd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/servers/simple-auth/mcp_simple_auth/token_verifier.py:53
                response = await client.post(
                    self.introspection_endpoint,
                    data={"token": token},
                    headers={"Content-Type": "application/x-www-form-urlencoded"},
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #f68eb409ee68dd2c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/servers/simple-tool/mcp_simple_tool/server.py:16
        response = await client.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #5dc87607b3e379ab Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/completion_client.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a36518c34adf4856 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/display_utilities.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a27eb6847cdf8ea9 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/stdio_client.py:19
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1c92a360c930e288 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/binary_resources.py:9
    with open("logo.png", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #45eb2560cb26f382 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results.py:10
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b6ed0bc514a71592 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results_binary.py:12
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #af55d640390c7403 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/prompt_embedded_resources.py:11
    file_content = open(filename).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fd061bec08c06989 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/tool_errors.py:27
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #18511d9571933350 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:53
        code = file.read_text().rstrip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9bf6428a04bd1ace Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:109
    content = doc_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7573554e2efd16df Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:134
            doc_path.write_text(updated_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ac33e3f75081971 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:24
        path = Path(os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df03b61abe8f9f97 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:77
            config_file.write_text("{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c53825446d5044e1 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:88
        config = json.loads(config_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #552694e7e13bde18 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:135
        config_file.write_text(json.dumps(config, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #299b5711e26b8f5d Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/cli.py:282
            env=dict(os.environ.items()),  # Convert to list of tuples for env update

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #af02a9c695395079 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/mcp/client/sse.py:138
                                    response = await client.post(
                                        endpoint_url,
                                        json=session_message.message.model_dump(
                                            by_alias=True,
                                            mode="json",
                                            exclude_none=True,
                                        ),
                                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7a105fdc409ac282 Environment-variable access.
pkgs/python/[email protected]/src/mcp/client/stdio/__init__.py:59
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2c71f627272778ce Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/mcp/server/fastmcp/resources/types.py:161
            response = await client.get(self.url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #09ee0583c5d5d890 Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:47
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #110e687fb78c023d Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:94
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

rich

python dependency
medium telemetry dependency Excluded from app score #31aca49476932c12 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/rich/progress.py:173
        yield from progress.track(
            sequence,
            total=total,
            completed=completed,
            description=description,
            update_period=update_period,
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 22 low-confidence finding(s)
low env_fs dependency Excluded from app score #0dbc4761321e266e Environment-variable access.
pkgs/python/[email protected]/rich/_unicode_data/__init__.py:67
        unicode_version = os.environ.get("UNICODE_VERSION", "latest")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94dbef3a4331f7ea Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:441
        self.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51bc1016060b86c2 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:612
    term.write_text("went back and wrapped to prev line")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6fc785dfed4b735 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:615
    term.write_text("we go up")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a07a98136739d25e Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:618
    term.write_text("and down")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a1d383215d32ea7 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:623
    term.write_text("we went up and back 2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ecbed49b794e63c Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:628
    term.write_text("we went down and back 2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e075942608e3b1a1 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:636
    term.write_text("The red arrow shows the cursor location, and direction of erase")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #003327f21e649e7d Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:646
    term.write_text("The red arrow shows the cursor location, and direction of erase")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #857c6f46fe6ccfdb Filesystem access.
pkgs/python/[email protected]/rich/_windows_renderer.py:19
                term.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #492594ccb433c376 Filesystem access.
pkgs/python/[email protected]/rich/_windows_renderer.py:28
                    term.write_text("\r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00fd9780478f151b Environment-variable access.
pkgs/python/[email protected]/rich/console.py:515
        or os.getenv("DATABRICKS_RUNTIME_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92f06e5927171716 Environment-variable access.
pkgs/python/[email protected]/rich/console.py:617
    _environ: Mapping[str, str] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45c7d0d4a21f7780 Filesystem access.
pkgs/python/[email protected]/rich/console.py:2241
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b27438908fa77e03 Filesystem access.
pkgs/python/[email protected]/rich/console.py:2349
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bde0b43b188c808c Filesystem access.
pkgs/python/[email protected]/rich/console.py:2641
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7951cd84c8c10e79 Environment-variable access.
pkgs/python/[email protected]/rich/diagnose.py:32
    env = {name: os.getenv(name) for name in env_names}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3a726187397e79e Filesystem access.
pkgs/python/[email protected]/rich/json.py:134
            json_data = Path(args.path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #052737591a398003 Filesystem access.
pkgs/python/[email protected]/rich/markdown.py:777
        with open(args.path, encoding="utf-8") as markdown_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a177915bd34ec002 Filesystem access.
pkgs/python/[email protected]/rich/progress.py:1373
        handle = io.open(file, "rb", buffering=buffering)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beb1889338f9610a Filesystem access.
pkgs/python/[email protected]/rich/syntax.py:360
        code = Path(path).read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c76c7cd0c0bc2d17 Filesystem access.
pkgs/python/[email protected]/rich/theme.py:73
        with open(path, encoding=encoding) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

PyYAML

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #49513ad96a401fa4 Environment-variable access.
pkgs/python/[email protected]/setup.py:72
os.environ['SETUPTOOLS_USE_DISTUTILS'] = 'local'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6974c91f308bb4b Environment-variable access.
pkgs/python/[email protected]/setup.py:81
if 'sdist' in sys.argv or os.environ.get('PYYAML_FORCE_CYTHON') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fbc86318cdcb093 Environment-variable access.
pkgs/python/[email protected]/setup.py:160
            with_ext = getattr(self, ext.attr_name) or os.environ.get('PYYAML_FORCE_{0}'.format(ext.feature_name.upper()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #297e78008ea7e2a1 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:34
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf92fb392620d28d Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:35
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #475d44de77fe887a Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:36
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d5812ead1d2d789 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:37
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

loguru

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #1e45688122ac4429 Environment-variable access.
pkgs/python/[email protected]/loguru/_colorama.py:25
        if "CI" in os.environ and any(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #018321278d9662ce Environment-variable access.
pkgs/python/[email protected]/loguru/_colorama.py:26
            ci in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e89520a5046697b Environment-variable access.
pkgs/python/[email protected]/loguru/_colorama.py:30
        if "PYCHARM_HOSTED" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfaeaaa61a7da2ef Environment-variable access.
pkgs/python/[email protected]/loguru/_colorama.py:32
        if os.name == "nt" and "TERM" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9dd61b88eb1161d Environment-variable access.
pkgs/python/[email protected]/loguru/_defaults.py:5
    if key not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f09e3279352e5759 Environment-variable access.
pkgs/python/[email protected]/loguru/_defaults.py:8
    val = environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #666372e0e735625b Filesystem access.
pkgs/python/[email protected]/loguru/_file_sink.py:53
        with open(path_in, "rb") as f_in:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b8eae26c89f2582 Filesystem access.
pkgs/python/[email protected]/loguru/_file_sink.py:226
        self._file = open(path, **self._kwargs)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef4dbf6544f076f5 Filesystem access.
pkgs/python/[email protected]/loguru/_logger.py:1868
                with open(str(file)) as fileobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

networkx

python dependency
expand_more 16 low-confidence finding(s)
low env_fs dependency Excluded from app score #62aac0c4c7db3b43 Environment-variable access.
pkgs/python/[email protected]/doc/conf.py:96
os.environ["_NETWORKX_BUILDING_DOCS_"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #11e22a45af0dc4b1 Filesystem access.
pkgs/python/[email protected]/examples/external/javascript_force.py:27
json.dump(d, open("force/force.json", "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #adefd0679084eafe Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/graph/plot_football.py:24
sock = urllib.request.urlopen(url)  # open URL

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #cf1c63af791a52ba Filesystem access.
pkgs/python/[email protected]/examples/graphviz_layout/plot_lanl_routes.py:22
        fh = open("lanl_routes.edgelist")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #65dfca4af8e18215 Filesystem access.
pkgs/python/[email protected]/examples/subclass/plot_printgraph.py:28
            self.fh = open(file, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3e27faf34970f3f Environment-variable access.
pkgs/python/[email protected]/networkx/conftest.py:47
        backend = os.environ.get("NETWORKX_TEST_BACKEND")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79932a112e6cc755 Environment-variable access.
pkgs/python/[email protected]/networkx/conftest.py:71
            fallback_to_nx = os.environ.get("NETWORKX_FALLBACK_TO_NX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26b9b6e67b0c8236 Environment-variable access.
pkgs/python/[email protected]/networkx/lazy_imports.py:75
    if os.environ.get("EAGER_IMPORT", ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1b719d4e58e25b2 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:153
            os.environ.get("NETWORKX_CACHE_CONVERTED_GRAPHS", True)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04fd8e9df6b54907 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:155
        fallback_to_nx=bool(os.environ.get("NETWORKX_FALLBACK_TO_NX", False)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4e77d3b18abfaf9 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:157
            _comma_sep_to_list(os.environ.get("NETWORKX_WARNINGS_TO_IGNORE", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1df8f3caceaf264 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:167
        for key, val in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cfe2acbae4388fa Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:175
            os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e503cd19b28fb0ee Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:175
            os.environ.get(
                "NETWORKX_BACKEND_PRIORITY",
                os.environ.get("NETWORKX_AUTOMATIC_BACKENDS", ""),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6afefa4e87149a1f Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:177
                os.environ.get("NETWORKX_AUTOMATIC_BACKENDS", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad0bf88a688d9b31 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:2152
if os.environ.get("_NETWORKX_BUILDING_DOCS_"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

psutil

python dependency
expand_more 28 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #71a1c8e379d76491 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:39
    with open(INIT) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df89aa4e18b91803 Environment-variable access.
pkgs/python/[email protected]/psutil/_common.py:34
PSUTIL_DEBUG = bool(os.getenv('PSUTIL_DEBUG'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #641d78660566c216 Filesystem access.
pkgs/python/[email protected]/psutil/_common.py:682
    return open(fname, "rb", buffering=FILE_READ_BUFFER_SIZE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd23eebd0e08cf71 Filesystem access.
pkgs/python/[email protected]/psutil/_common.py:692
    fobj = open(  # noqa: SIM115
        fname,
        buffering=FILE_READ_BUFFER_SIZE,
        encoding=ENCODING,
        errors=ENCODING_ERRS,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1f0a975fe6926e9 Environment-variable access.
pkgs/python/[email protected]/psutil/_psaix.py:375
        for path in os.environ["PATH"].split(":"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d7920b3a3f21fbe Filesystem access.
pkgs/python/[email protected]/psutil/_psbsd.py:142
        with open('/proc/meminfo', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26ec95a1b2270656 Filesystem access.
pkgs/python/[email protected]/psutil/_psbsd.py:276
        with open('/proc/stat', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54f195da51206505 Environment-variable access.
pkgs/python/[email protected]/psutil/_pssunos.py:119
            f"PATH=/usr/sbin:/sbin:{os.environ['PATH']}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #47899be16e123c55 Filesystem access.
pkgs/python/[email protected]/scripts/internal/convert_readme.py:33
    with open(args.file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ef9fa3d637855adf Filesystem access.
pkgs/python/[email protected]/scripts/internal/download_wheels.py:64
    with open(OUTFILE, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #375266a99d62214b Filesystem access.
pkgs/python/[email protected]/scripts/internal/download_wheels.py:87
        with open(os.path.expanduser(args.tokenfile)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #496892533ccad41a Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:98
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #30e30a0e7dc1b1ee Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:113
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fc7cf08a4728b912 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:134
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6eba11d12539af0d Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:164
    with open(fname, errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b45d5051fccd7d57 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:178
        with open(fname, errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #df6afd1d5a627dab Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:194
            res = requests.get(url, timeout=REQUEST_TIMEOUT)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #ae26a6aacd1f2862 Filesystem access.
pkgs/python/[email protected]/scripts/internal/git_pre_commit.py:156
    with open("MANIFEST.in", encoding="utf8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #d7d9e374f5de9dca Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/internal/install_pip.py:34
        req = urlopen(URL, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #0aa940f1803004e4 Filesystem access.
pkgs/python/[email protected]/scripts/internal/print_announce.py:81
    with open(HISTORY) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #358ec547cd3a62cd Environment-variable access.
pkgs/python/[email protected]/scripts/internal/print_downloads.py:42
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b881ededbfa73543 Filesystem access.
pkgs/python/[email protected]/scripts/internal/print_hashes.py:18
    with open(file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b6d5b3dba6ffd067 Filesystem access.
pkgs/python/[email protected]/scripts/internal/purge_installation.py:56
                with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #18670edc967d0220 Filesystem access.
pkgs/python/[email protected]/scripts/internal/purge_installation.py:64
                    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c71ab10f424c16b Environment-variable access.
pkgs/python/[email protected]/setup.py:46
        if "CIBUILDWHEEL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4710abe450fd649d Filesystem access.
pkgs/python/[email protected]/setup.py:142
    with open(INIT) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02bd3d95375ab914 Environment-variable access.
pkgs/python/[email protected]/setup.py:258
        if os.getenv('CC'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87509ae96d79db9a Environment-variable access.
pkgs/python/[email protected]/setup.py:259
            compiler.set_executable('compiler_so', os.getenv('CC'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pydantic

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #f2a8c3035391eec1 Filesystem access.
pkgs/python/[email protected]/pydantic/deprecated/parse.py:71
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2a5d13ca8b7f2ab Environment-variable access.
pkgs/python/[email protected]/pydantic/json_schema.py:337
                if os.getenv('PYDANTIC_PRIVATE_ALLOW_UNHANDLED_SCHEMA_TYPES'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #429d96923d353ab0 Filesystem access.
pkgs/python/[email protected]/pydantic/mypy.py:1373
    with open(config_file, 'rb') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #216803392045e824 Environment-variable access.
pkgs/python/[email protected]/pydantic/plugin/_loader.py:27
    disabled_plugins = os.getenv('PYDANTIC_DISABLE_PLUGINS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f1866cb643646f0 Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:173
            env_vars: Mapping[str, Optional[str]] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #535bb0f70f202b62 Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:175
            env_vars = {k.lower(): v for k, v in os.environ.items()}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79d3b09d255e0548 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:307
                    secret_value = path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08101a96959a9edb Filesystem access.
pkgs/python/[email protected]/pydantic/v1/mypy.py:948
    with open(config_file, read_mode) as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89e1b6491c599687 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/parse.py:57
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-dotenv

python dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #09aebaa995b81ab9 Filesystem access.
pkgs/python/[email protected]/src/dotenv/cli.py:76
        with open(path) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a533f4451a97cea Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:194
        if v is not None and (override or k not in os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c82133e2ed821634 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:225
    cmd_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a18aad697a76942 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:26
    if "PYTHON_DOTENV_DISABLED" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3bad6c040183738 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:28
    value = os.environ["PYTHON_DOTENV_DISABLED"].casefold()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58f6ef92c15bd242 Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:63
            with open(self.dotenv_path, encoding=self.encoding) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4411a44165674ec2 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:105
            if k in os.environ and not self.override:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07a7dd4bb267ff85 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:108
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #179025efcbf2d693 Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:148
        source: IO[str] = open(path, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61266ea14156c437 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:302
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de0d0579cf7c85da Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:306
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

requests

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #fc7213165d2d4a89 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:857
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d0d6c2a96c5f3c7 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:858
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b79b45be05cc3078 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:239
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d8e9f44a3e0146d Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:798
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2229309fd092847a Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:799
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3934f25a6a7b64e Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:805
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd93a475d76f6945 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:807
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1010d89052b12a73 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:820
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

schedule

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #7d76c6a96845080e Environment-variable access.
pkgs/python/[email protected]/test_schedule.py:29
os.environ["TZ"] = TZ_BERLIN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a951df876c0924c Environment-variable access.
pkgs/python/[email protected]/test_schedule.py:80
        self.original_zone = os.environ.get("TZ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #196c89da94f4e66c Environment-variable access.
pkgs/python/[email protected]/test_schedule.py:82
            os.environ["TZ"] = self.zone

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #811d6be05b9755ef Environment-variable access.
pkgs/python/[email protected]/test_schedule.py:92
            os.environ["TZ"] = self.original_zone

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

setuptools

python dependency
expand_more 163 low-confidence finding(s)
low env_fs dependency Excluded from app score #e73215352f8299df Environment-variable access.
pkgs/python/[email protected]/_distutils_hack/__init__.py:49
    which = os.environ.get('SETUPTOOLS_USE_DISTUTILS', 'local')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #878e2a3887e0a35e Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/command/_framework_compat.py:22
    ensurepip = os.environ.get("ENSUREPIP_OPTIONS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ada7cb3198d5dd3e Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/bdist_rpm.py:555
                    with open(val) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d31abc12523747e1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/command/build_ext.py:800
                elif '_PYTHON_HOST_PLATFORM' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2b29c1e25e86183 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/build_scripts.py:105
            with open(outfile, "w", encoding=f.encoding) as outf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa4f467b829a4758 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/config.py:104
        with open(filename, "w", encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89ec34eba0f56f7e Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/config.py:191
        with open(out, encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79258f9ab742857f Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/config.py:348
    log.info(pathlib.Path(filename).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c38117a7af93d12 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/install_egg_info.py:55
        with open(target, 'w', encoding='UTF-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15de73f30895a588 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/sdist.py:424
        with open(self.manifest, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #342143c7eeeeb87f Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/sdist.py:434
        with open(self.manifest, encoding='utf-8') as lines:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ccd2103f4c62723 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/cygwin.py:73
        self.cc = os.environ.get('CC', self.cc or 'gcc')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcf28fe64c55ced4 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/cygwin.py:74
        self.cxx = os.environ.get('CXX', self.cxx or 'g++')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce72fc5755a9d62a Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/cygwin.py:318
        config_h = pathlib.Path(fn).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b0d3b325e3e4799 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:82
    root = os.environ.get("ProgramFiles(x86)") or os.environ.get("ProgramFiles")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eacd047ae986737a Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:151
    if os.getenv("DISTUTILS_USE_SDK"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bc85bc4c19c9ff3 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:152
        return {key.lower(): value for key, value in os.environ.items()}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f94ebd9d72e0159d Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:190
        paths = os.getenv('path').split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51b66e0bde2169b3 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:562
        env = dict(os.environ, PATH=self._paths)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa1105923b15682f Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/zos.py:114
            if (binary := os.environ.get(envvar, None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ca855be92ab3e61 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/debug.py:5
DEBUG = os.environ.get('DISTUTILS_DEBUG')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97a939aa97ddaab8 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/dist.py:387
            yield pathlib.Path(os.getenv("DIST_EXTRA_CONFIG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #298c0de15abada1f Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/dist.py:1141
            self.read_pkg_file(open(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #809ec71896aca3c7 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/dist.py:1216
        with open(
            os.path.join(base_dir, 'PKG-INFO'), 'w', encoding='UTF-8'
        ) as pkg_info:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f0d1cfb188d07fd Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/file_util.py:28
            fsrc = open(src, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #659993f769918bc3 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/file_util.py:39
            fdst = open(dst, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8feea56d2f9313e4 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/file_util.py:227
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f3e20049b19bef2 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/spawn.py:52
    return os.environ if env is None else env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f497cdc696fa93e Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/spawn.py:111
        path = os.environ.get('PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b10cef3f8ab1c65 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:48
if "_PYTHON_PROJECT_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39c4deeba40db81d Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:49
    project_base = os.path.abspath(os.environ["_PYTHON_PROJECT_BASE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac7f032432f284d6 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:330
        if 'CC' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d26f3538d45ed40b Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:331
            newcc = os.environ['CC']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc39c38c901acca2 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:332
            if 'LDSHARED' not in os.environ and ldshared.startswith(cc):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #278241cc9639a16f Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:337
        cxx = os.environ.get('CXX', cxx)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e0857e7864e0a16 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:338
        ldshared = os.environ.get('LDSHARED', ldshared)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4c8ee1142bbca0e Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:339
        ldcxxshared = os.environ.get('LDCXXSHARED', ldcxxshared)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e557d742339bdd0 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:340
        cpp = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49a44e6dde5136c0 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:340
        cpp = os.environ.get(
            'CPP',
            cc + " -E",  # not always
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fcd83f6c4f41561 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:347
        cflags = os.environ.get('CFLAGS', cflags)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71b12ea5e16f99bf Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:349
        cxxflags = os.environ.get('CXXFLAGS', cxxflags)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be68d04183397d44 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:357
        ar = os.environ.get('AR', ar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d6be65d78d1a257 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:359
        archiver = ar + ' ' + os.environ.get('ARFLAGS', ar_flags)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70b5bc4d2b3df64a Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:376
        if 'RANLIB' in os.environ and compiler.executables.get('ranlib', None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #471cf4c2969308eb Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:377
            compiler.set_executables(ranlib=os.environ['RANLIB'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abc4cde7122d285d Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:472
                elif n in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d59e3698d453c2a3 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:474
                    item = os.environ[n]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb2f13b77bacbc50 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:597
    flags = os.environ.get(f'{type}FLAGS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2583c37071f61d3a Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/text_file.py:118
        self.file = open(self.filename, errors=self.errors, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d0b08ced9cec4e9 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:57
        target = os.environ.get('VSCMD_ARG_TGT_ARCH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5f68299ae9486fd Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:94
    env_ver = os.environ.get(MACOSX_VERSION_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28f0c80f2fbd8da8 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:174
    if os.name == 'posix' and 'HOME' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f57145f437afa2a Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:178
            os.environ['HOME'] = pwd.getpwuid(os.getuid())[5]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5912a9534c3086a Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:184
    if 'PLAT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a88d6a07c7068c69 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:185
        os.environ['PLAT'] = get_platform()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2edbcd51eab2479 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:199
    lookup = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abb4496fc3e2dc29 Filesystem access.
pkgs/python/[email protected]/setuptools/_imp.py:65
            file = open(path, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6752c49dbbb16596 Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:80
    orig_pythonpath = os.environ.get('PYTHONPATH', nothing)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7980da8293e28afe Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:81
    current_pythonpath = os.environ.get('PYTHONPATH', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67726792af46cff6 Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:87
            os.environ['PYTHONPATH'] = new_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3aee66b1e46e4c9 Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:91
            os.environ.pop('PYTHONPATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16284087fee34f22 Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:93
            os.environ['PYTHONPATH'] = orig_pythonpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9c5ca4d6d4cc4a5 Environment-variable access.
pkgs/python/[email protected]/setuptools/_scripts.py:49
        return os.environ.get('__PYVENV_LAUNCHER__', _default)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b95919be84bbe09 Environment-variable access.
pkgs/python/[email protected]/setuptools/_scripts.py:238
        launcher = os.environ.get('SETUPTOOLS_LAUNCHER', 'executable')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c434a1a2108a5b56 Environment-variable access.
pkgs/python/[email protected]/setuptools/_scripts.py:245
        if ext not in os.environ['PATHEXT'].lower().split(';'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bac136c03f334116 Filesystem access.
pkgs/python/[email protected]/setuptools/_scripts.py:332
    return resources.files('setuptools').joinpath(launcher_fn).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18ff036b7a5b2494 Filesystem access.
pkgs/python/[email protected]/setuptools/_scripts.py:337
    return res.read_text(encoding='utf-8') % vars()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #493e129e75f7e672 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/autocommand/autoparse.py:330
        with open(filename_or_file, *args, **kwargs) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eaba5bf455e82f87 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/backports/tarfile/__init__.py:2829
            t = open(fileobj=name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e74fda1f6a018b1 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/backports/tarfile/__init__.py:2832
            t = open(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7c0b1ded097ef18 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/backports/tarfile/__init__.py:2872
            with open(src, 'r') as tar:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #109ad9c9a5a3c0d4 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:379
        return self.locate().read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a884c3ee4928ff03 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:382
        return self.locate().read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8e7a2ccec8c03b5 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:527
            self.read_text('METADATA')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7b7590c3cd54692 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:528
            or self.read_text('PKG-INFO')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04ba07346818e698 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:532
            or self.read_text('')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1944bb1f1ab31b12 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:567
        return EntryPoints._from_text_for(self.read_text('entry_points.txt'), self)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1d722c04836451d Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:616
        text = self.read_text('RECORD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #399db9365f8f8059 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:630
        text = self.read_text('installed-files.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d148319eafa4ab39 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:659
        text = self.read_text('SOURCES.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf53ee68f07a1906 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:672
        source = self.read_text('requires.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53dad32d6bd0be2a Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:723
            self.read_text(filename),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4118643835e6b3b Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:1014
            return self._path.joinpath(filename).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d5e908afce9bc19 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:1150
    return (dist.read_text('top_level.txt') or '').split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5dd82c9c8ae67151 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/setuptools/_vendor/jaraco/context/__init__.py:78
        req = urllib.request.urlopen(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #29f509ebb2147f88 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/jaraco/text/__init__.py:232
lorem_ipsum: str = (
    files(__name__).joinpath('Lorem ipsum.txt').read_text(encoding='utf-8')
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a7df8efac5c2afd Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/jaraco/text/__init__.py:631
    with open(filename, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e878fdc1c1f876a9 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/packaging/_manylinux.py:34
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4509976d0161030f Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/packaging/_musllinux.py:46
        with open(executable, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47d7125dd2f77570 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/__init__.py:31
    if os.getenv("ANDROID_DATA") == "/data" and os.getenv("ANDROID_ROOT") == "/system":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d4c251d2bc1281e Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/__init__.py:32
        if os.getenv("SHELL") or os.getenv("PREFIX"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac7770ccbec0c5c5 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:45
        path = os.environ.get("XDG_DATA_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8645814effe50ff Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:52
        path = os.environ.get("XDG_DATA_DIRS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae389deee6d25aae Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:76
        path = os.environ.get("XDG_CONFIG_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a20a9d00a3e5e1b1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:83
        path = os.environ.get("XDG_CONFIG_DIRS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #514327ba54895652 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:107
        path = os.environ.get("XDG_CACHE_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6238f108a8a162e5 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:123
        path = os.environ.get("XDG_STATE_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #036b3e5cdcbb4661 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:177
        path = os.environ.get("XDG_RUNTIME_DIR", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #918ec7d8a68e1707 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:201
        path = os.environ.get("XDG_RUNTIME_DIR", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13f3aaee3aa65c56 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:238
        media_dir = os.environ.get(env_var, "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebd17c80e2ae1d4a Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:157
    result = os.environ.get(env_var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a755d9cbf06faca8 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:167
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Documents")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7bb16c6de491b90 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:170
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Downloads")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0db84280e69c002 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:173
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Pictures")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2f0aaf028ffe7ec Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:176
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Videos")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7efa5697c914c6c0 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:179
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Music")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34e3f2b04caa2281 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_bdist_wheel.py:492
        with open(wheelfile_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3f6b452cefd402d Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_bdist_wheel.py:598
            with open(dependency_links_path, encoding="utf-8") as dependency_links_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d798f11e49cc12f8 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_bdist_wheel.py:609
        with open(pkg_info_path, "w", encoding="utf-8") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e29d2573ac76375 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:171
                        requires = path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #828af28776d93b17 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:174
                        pkginfo = path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a73c5209df665c7 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:184
                            path.read_bytes(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db6aa8e0d5967aca Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:190
                yield str(path.relative_to(self.path)), path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdb341418b103409 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/pack.py:40
    with open(wheel_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b89047be72b3ff0 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/pack.py:60
            with open(wheel_file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f198fbaa0b23d1f4 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_metadata.py:151
    with open(pkginfo_path, encoding="utf-8") as headers:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75bcff33876bb49f Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_metadata.py:160
        with open(requires_path, encoding="utf-8") as requires_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fec23e1842f24e9e Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:293
    with open(path_to_lib, "rb") as lib_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c595d79849cf63b8 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:419
    if "MACOSX_DEPLOYMENT_TARGET" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a904b8a6f108914 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:421
            int(x) for x in os.environ["MACOSX_DEPLOYMENT_TARGET"].split(".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f0c60a78ffb8a4b Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:474
        if "MACOSX_DEPLOYMENT_TARGET" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d727f2622440dfeb Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/wheelfile.py:53
    timestamp = int(os.environ.get("SOURCE_DATE_EPOCH", timestamp or time.time()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b02d8245428b46f8 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/wheelfile.py:185
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #223b183d6f06ac68 Filesystem access.
pkgs/python/[email protected]/setuptools/archive_util.py:133
            with open(target, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14da3356b83f2f49 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:71
    with open(pyfile, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #275f7d83e89d9b43 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:212
            with open(native_libs, 'wt', encoding="utf-8") as libs_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3438e2765fc0ac89 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:363
            with open(fn, 'wt', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0febaa1a0a15999d Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:382
    f = open(filename, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #703fa58f65631d45 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_wheel.py:475
        with open(wheelfile_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d0637a40d028ca6 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_wheel.py:575
        with open(dependency_links_path, encoding="utf-8") as dependency_links_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daecd7cac1c35a90 Environment-variable access.
pkgs/python/[email protected]/setuptools/command/build_ext.py:160
        so_ext = os.getenv('SETUPTOOLS_EXT_SUFFIX')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8d8d3f949a98930 Filesystem access.
pkgs/python/[email protected]/setuptools/command/build_ext.py:354
        with open(stub_file, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f80bc979a721f793 Filesystem access.
pkgs/python/[email protected]/setuptools/command/build_py.py:192
            files = manifest.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #625528fc70e53884 Filesystem access.
pkgs/python/[email protected]/setuptools/command/build_py.py:261
        with open(init_py, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bffa1ebfddc94b81 Environment-variable access.
pkgs/python/[email protected]/setuptools/command/easy_install.py:18
            sys_executable=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92877eb2f205176f Environment-variable access.
pkgs/python/[email protected]/setuptools/command/easy_install.py:18
            sys_executable=os.environ.get(
                "__PYVENV_LAUNCHER__", os.path.normpath(sys.executable)
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab70e750ffb49dc2 Filesystem access.
pkgs/python/[email protected]/setuptools/command/editable_wheel.py:601
        path1.write_text("file1", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3aa7c601848d854 Filesystem access.
pkgs/python/[email protected]/setuptools/command/editable_wheel.py:604
            if path2.is_symlink() and path2.read_text(encoding="utf-8") == "file1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b79f0833bb315c5 Filesystem access.
pkgs/python/[email protected]/setuptools/command/egg_info.py:309
        f = open(filename, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2e053115ba35bd2 Filesystem access.
pkgs/python/[email protected]/setuptools/command/egg_info.py:671
    with open(filename, "wb") as f:  # always write POSIX-style manifest

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0174c3c170ff3fd8 Filesystem access.
pkgs/python/[email protected]/setuptools/command/install_scripts.py:64
        with open(target, "w" + mode, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b499814f67f292fe Filesystem access.
pkgs/python/[email protected]/setuptools/command/sdist.py:195
        with open(self.manifest, 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb631b6a1358031e Filesystem access.
pkgs/python/[email protected]/setuptools/command/sdist.py:205
        manifest = open(self.manifest, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #546dd05cc71c1d5b Filesystem access.
pkgs/python/[email protected]/setuptools/command/setopt.py:67
    with open(filename, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acf4d9e20871b8f3 Environment-variable access.
pkgs/python/[email protected]/setuptools/config/_validate_pyproject/error_reporting.py:81
        debug_code = os.getenv("JSONSCHEMA_DEBUG_CODE_GENERATION", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #557b16390f327d42 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/setuptools/config/_validate_pyproject/formats.py:158
    with urlopen(url, context=context) as response:  # noqa: S310 (audit URLs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #380406f2476cfa8f Environment-variable access.
pkgs/python/[email protected]/setuptools/config/_validate_pyproject/formats.py:192
        if os.getenv("NO_NETWORK") or os.getenv("VALIDATE_PYPROJECT_NO_NETWORK"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f5c2f5b85bbe5c2 Filesystem access.
pkgs/python/[email protected]/setuptools/config/expand.py:57
        module = ast.parse(pathlib.Path(spec.origin).read_bytes())  # type: ignore[arg-type] # Let it raise an error on None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0bc8996e742f73c Filesystem access.
pkgs/python/[email protected]/setuptools/config/expand.py:142
    with open(filepath, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #302867b746b8b4e8 Filesystem access.
pkgs/python/[email protected]/setuptools/config/pyprojecttoml.py:39
    with open(filepath, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f288f79f76ebbddb Filesystem access.
pkgs/python/[email protected]/setuptools/dist.py:586
            with open(filename, encoding='utf-8') as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fae53b94b6d5fd9c Filesystem access.
pkgs/python/[email protected]/setuptools/dist.py:820
            with open(readme_txt_filename, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22baf29a1776acfd Environment-variable access.
pkgs/python/[email protected]/setuptools/installer.py:82
    quiet = 'PIP_QUIET' not in os.environ and 'PIP_VERBOSE' not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5665852f092e461a Environment-variable access.
pkgs/python/[email protected]/setuptools/installer.py:83
    if 'PIP_INDEX_URL' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ba3d5ddf5696584 Filesystem access.
pkgs/python/[email protected]/setuptools/msvc.py:462
                with open(state_path, 'rt', encoding='utf-8') as state_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8283b081dd4c0add Filesystem access.
pkgs/python/[email protected]/setuptools/namespaces.py:23
        with open(filename, 'wt', encoding=py312.PTH_ENCODING) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44949d4412b5130f Filesystem access.
pkgs/python/[email protected]/setuptools/unicode_utils.py:73
        with open(file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cae013236e0fabba Filesystem access.
pkgs/python/[email protected]/setuptools/unicode_utils.py:77
        with open(file, "r", encoding=fallback_encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc18645ebb4dcdf0 Environment-variable access.
pkgs/python/[email protected]/setuptools/warnings.py:109
    enforce = os.getenv("SETUPTOOLS_ENFORCE_DEPRECATION", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #783650d1224f448c Filesystem access.
pkgs/python/[email protected]/setuptools/wheel.py:261
                    with open(mod_init, 'w', encoding="utf-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #31e7f433f8cedaa8 Environment-variable access.
pkgs/python/[email protected]/tools/build_launchers.py:102
        os.environ['ProgramFiles(x86)'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f376fe71372beb7b Filesystem access.
pkgs/python/[email protected]/tools/finalize.py:39
    changelog = changelog_fn.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b28bc289f38e5920 Filesystem access.
pkgs/python/[email protected]/tools/finalize.py:41
    changelog_fn.write_text(fixed, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

toml

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #c7e386a11ae94b11 Filesystem access.
pkgs/python/[email protected]/setup.py:8
with open("README.rst") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3746f6ce957b733 Filesystem access.
pkgs/python/[email protected]/toml/decoder.py:133
        with io.open(_getpath(f), encoding='utf-8') as ffile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • asyncio prod — no python source in sdist