Close Open Privacy Scan

bolt Snapshot: commit b3166e7
science engine v1.21
schedule 2026-07-17T16:16:35.188147+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

smart_toy MCP server detected: @anthropic-ai/sdk, @mistralai/mistralai, @modelcontextprotocol/sdk, openai — detected in dependencies, not a safety judgment.

App Privacy Score

92 /100
Low privacy risk

Low risk · 27 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

egress −5
env_fs −3

list Scan Summary

0 high 0 medium 27 low
First-party packages: 1
Dependency packages: 0
Ecosystem: rust

swap_horiz External domains

aiplatform.googleapis.comaka.msapi.anthropic.comapi.eu.mistral.aiapi.groq.comapi.mistral.aiapi.npms.ioapi.openai.comapi.us.mistral.aiauth.openai.comautopush-generativelanguage.sandbox.googleapis.comavatars.githubusercontent.combatch.chinacloudapi.cnbatch.core.usgovcloudapi.netbatch.core.windows.netbatch.microsoftazure.debrowser.events.data.microsoft.comc.s-microsoft.comchromium.googlesource.comcode.visualstudio.comdefault.exp-tas.comdeveloper.mozilla.orgdevelopercertificate.orgdocs.anthropic.comdocs.expo.devdocs.mistral.aidocs.npmjs.comdummy.comeducation.github.comeslint.orggallery.azure.comgallery.chinacloudapi.cngallery.cloudapi.degallery.usgovcloudapi.netgemini-api-demos.uc.r.appspot.comgenerativelanguage.googleapis.comgithub.comgo.microsoft.comgraph.chinacloudapi.cngraph.cloudapi.degraph.windows.nethelp.openai.cominsiders.vscode.devjson-schema.orglearn.microsoft.comlogin.chinacloudapi.cnlogin.microsoftonline.comlogin.microsoftonline.delogin.microsoftonline.uslogin.windows-ppe.netmanage.microsoftazure.demanage.windowsazure.usmanagement.azure.commanagement.chinacloudapi.cnmanagement.core.chinacloudapi.cnmanagement.core.cloudapi.demanagement.core.usgovcloudapi.netmanagement.core.windows.netmanagement.microsoftazure.demanagement.usgovcloudapi.netmathiasbynens.github.iomicrosoft.commicrosoft.github.ionews.google.comnpm.imollama.comontheline.trincoll.eduplatform.claude.complatform.openai.compnpm.ioportal.azure.cnportal.azure.comportal.azure.usportal.microsoftazure.deposthog.comraw.githubusercontent.comreact.devreactjs.orgregistry.bower.ioregistry.npmjs.comregistry.npmjs.orgsemver.orgsentry.iostorage.googleapis.comupdate.code.visualstudio.comus.i.posthog.comvscode.devvscode.download.prss.microsoft.comwww.allrecipes.comwww.ecma-international.orgwww.foodnetwork.comwww.freedesktop.orgwww.gnu.orgwww.googleapis.comwww.ibm.comwww.w3.org

</> First-Party Code

first-party (rust): cli

rust first-party
expand_more 27 low-confidence finding(s)
low env_fs production #bb0f298926d4c756 Filesystem access.
repo/cli/build.rs:107
	let mut file = fs::File::open(path).expect("failed to open file");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ebafacdd32553926 Environment-variable access.
repo/cli/build.rs:129
	match env::var("VSCODE_CLI_PRODUCT_JSON") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13f804408fb7520a Filesystem access.
repo/cli/build.rs:158
		let contents = fs::read(file)?;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #21102a5e8ebd8bee Hardcoded external endpoint. Review what data is sent to this destination.
repo/cli/src/auth.rs:122
	client
		.get(GH_USER_ENDPOINT)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1a80b659d2bd7e2a Environment-variable access.
repo/cli/src/auth.rs:200
	if std::env::var("VSCODE_CLI_DISABLE_KEYCHAIN_ENCRYPT").is_ok() {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1d9c7256a6bcf39 Environment-variable access.
repo/cli/src/auth.rs:411
		let native_storage_result = if std::env::var("VSCODE_CLI_USE_FILE_KEYCHAIN").is_ok()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25c34303607c0819 Filesystem access.
repo/cli/src/commands/serve_web.rs:75
			let token = fs::read_to_string(PathBuf::from(p))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ea812e88840c629 Environment-variable access.
repo/cli/src/desktop/version_manager.rs:374
	let path = match std::env::var("PATH") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4ce29dae1474f58 Filesystem access.
repo/cli/src/desktop/version_manager.rs:429
		let mut binary_file = File::create(binary_file_path).expect("expected to make file");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b2a65818246cb3e Filesystem access.
repo/cli/src/desktop/version_manager.rs:507
			File::create(&path).expect("expected to create file");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b869eedd8835859 Filesystem access.
repo/cli/src/desktop/version_manager.rs:518
				let mut f = File::create(&path).expect("expected to create file");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f891be5b2a9633f1 Filesystem access.
repo/cli/src/tunnels/code_server.rs:378
		let contents = fs::read_to_string(&self.server_paths.logfile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83e8862b28984314 Filesystem access.
repo/cli/src/tunnels/code_server.rs:629
		File::create(&self.server_paths.logfile).map_err(|e| {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99c1ee4a193e10f6 Environment-variable access.
repo/cli/src/tunnels/control_server.rs:1046
		env: std::env::vars().collect(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #782b0741e3986264 Filesystem access.
repo/cli/src/tunnels/service.rs:84
	let file = std::fs::File::open(log_file).map_err(|e| wrap(e, "error opening log file"))?;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf71d1c4a667a162 Environment-variable access.
repo/cli/src/tunnels/service_linux.rs:117
		if std::env::var("SSH_CLIENT").is_ok() || std::env::var("SSH_TTY").is_ok() {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ed6704c6d3432d9 Filesystem access.
repo/cli/src/tunnels/service_linux.rs:199
	let mut f = File::create(path)?;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eee844a7e7bbd832 Filesystem access.
repo/cli/src/tunnels/service_macos.rs:134
	let mut f = File::create(path)?;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34d12ba1d6d5a2b5 Environment-variable access.
repo/cli/src/tunnels/service_windows.rs:96
		if std::env::var(DID_LAUNCH_AS_HIDDEN_PROCESS).is_ok() {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcd89ad8b0fb6c42 Environment-variable access.
repo/cli/src/tunnels/wsl_detect.rs:20
		let sys_root = match std::env::var("SystemRoot") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d95ab3b61ff166ed Environment-variable access.
repo/cli/src/tunnels/wsl_detect.rs:25
		let is_32_on_64 = std::env::var("PROCESSOR_ARCHITEW6432").is_ok();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #321a1ad8cba60bb1 Environment-variable access.
repo/cli/src/util/errors.rs:426
		if std::env::var("WSL_DISTRO_NAME").is_ok() {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1286edfed0946a02 Filesystem access.
repo/cli/src/util/io.rs:283
		let mut append_file = File::create(&file_path).unwrap(); // truncates

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d0c4af8a5679c48 Environment-variable access.
repo/cli/src/util/machine.rs:84
		std::env::var_os("SNAP"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cef9aa5b485539f1 Environment-variable access.
repo/cli/src/util/machine.rs:85
		std::env::var_os("SNAP_REVISION"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4715a70dbf7abc4 Environment-variable access.
repo/cli/src/util/prereqs.rs:190
	std::env::var("VSCODE_SERVER_CUSTOM_GLIBC_LINKER").is_ok() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fe8830d755fe0e7 Filesystem access.
repo/cli/src/util/prereqs.rs:222
		Some(path) => match fs::read(&path).await {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @vscode/deviceid prod — dist-only: no readable source
  • vscode-markdown-languageserver prod — dist-only: no readable source
  • @vscode/l10n prod — dist-only: no readable source
  • vscode-json-languageservice prod — scan budget exceeded
  • vscode-languageserver prod — scan budget exceeded
  • vscode-css-languageservice prod — scan budget exceeded
  • vscode-html-languageservice prod — scan budget exceeded
  • byteorder prod — scan budget exceeded
  • crc prod — scan budget exceeded
  • slog prod — scan budget exceeded
  • slog-async prod — scan budget exceeded
  • slog-term prod — scan budget exceeded
  • futures prod — scan budget exceeded
  • clap prod — scan budget exceeded
  • open prod — scan budget exceeded
  • reqwest prod — scan budget exceeded
  • tokio prod — scan budget exceeded
  • tokio-util prod — scan budget exceeded
  • flate2 prod — scan budget exceeded
  • zip prod — scan budget exceeded
  • regex prod — scan budget exceeded
  • lazy_static prod — scan budget exceeded
  • sysinfo prod — scan budget exceeded
  • serde prod — scan budget exceeded
  • serde_json prod — scan budget exceeded
  • rmp-serde prod — scan budget exceeded
  • uuid prod — scan budget exceeded
  • dirs prod — scan budget exceeded
  • rand prod — scan budget exceeded
  • opentelemetry prod — scan budget exceeded
  • serde_bytes prod — scan budget exceeded
  • chrono prod — scan budget exceeded
  • gethostname prod — scan budget exceeded
  • libc prod — scan budget exceeded
  • tunnels prod — scan budget exceeded
  • keyring prod — scan budget exceeded
  • dialoguer prod — scan budget exceeded
  • hyper prod — scan budget exceeded
  • indicatif prod — scan budget exceeded
  • tempfile prod — scan budget exceeded
  • clap_lex prod — scan budget exceeded
  • url prod — scan budget exceeded
  • async-trait prod — scan budget exceeded
  • log prod — scan budget exceeded
  • const_format prod — scan budget exceeded
  • sha2 prod — scan budget exceeded
  • base64 prod — scan budget exceeded
  • shell-escape prod — scan budget exceeded
  • thiserror prod — scan budget exceeded
  • cfg-if prod — scan budget exceeded
  • pin-project prod — scan budget exceeded
  • console prod — scan budget exceeded
  • bytes prod — scan budget exceeded
  • tar prod — scan budget exceeded