Security: Claudeclaw

Vulnerabilities: 22
Credential Leaks: 4
Quality Gate: FAIL
OWASP Grade: C
Tech Debt: 17.5h (D)
DORA Rating: High


Quality Gate: Default Gate

Open data · scored by Repobility · https://repobility.com
Metric                   | Value | Condition
overall_score            | 0.0   | >= 50
security_score           | 0.0   | >= 40
critical_vulnerabilities | 4.0   | <= 0
critical_credentials     | 0.0   | <= 0
duplication_pct          | 0.9   | <= 20

DORA Metrics

Deploy Frequency: unknown (0.0/week)
Lead Time: 1.1 hours
MTTR: 0.0 hours
Change Failure Rate: 0.0%
Total Commits: 29
Overall Rating: HIGH

Vulnerabilities (22)

Severity | ID                  | Package      | Version | Summary
critical | GHSA-hr2v-3952-633q | deep-extend  | -       | Prototype Pollution in deep-extend
critical | GHSA-g2q5-5433-rhrf | rc           | -       | Embedded malware in rc
critical | GHSA-wc9v-mj63-m9g5 | pg           | -       | Remote Code Execution in pg
critical | GHSA-xvch-5gv4-984h | minimist     | -       | Prototype Pollution in minimist
high     | GHSA-6663-c963-2gqg | ws           | -       | DoS due to excessively large websocket message in ws
high     | GHSA-qqgx-2p2h-9c37 | ini          | -       | ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
high     | GHSA-wpg7-2c88-r8xv | simple-get   | -       | Exposure of Sensitive Information in simple-get
high     | GHSA-8cj5-5rvv-wf4v | tar-fs       | -       | tar-fs can extract outside the specified dir with a specific tarball
high     | GHSA-pq67-2wwv-3xjx | tar-fs       | -       | tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
high     | GHSA-vj76-c3g6-qr5v | tar-fs       | -       | tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
high     | GHSA-x2mc-8fgj-3wmr | tar-fs       | -       | Improper Input Validation in tar-fs
high     | GHSA-3h5v-q93c-6h6q | ws           | -       | ws affected by a DoS when handling a request with many HTTP headers
high     | GHSA-5v72-xg48-5rpm | ws           | -       | Denial of Service in ws
high     | GHSA-c2qf-rxjj-qqgw | semver       | -       | semver vulnerable to Regular Expression Denial of Service
high     | GHSA-x6fg-f45m-jf5q | semver       | -       | Regular Expression Denial of Service in semver
medium   | GHSA-pp7h-53gx-mx7r | bl           | -       | Remote Memory Exposure in bl
medium   | GHSA-6fc8-4gx4-v693 | ws           | -       | ReDoS in Sec-Websocket-Protocol header
medium   | GHSA-xc7v-wxcw-j472 | tunnel-agent | -       | Memory Exposure in tunnel-agent
medium   | GHSA-wrw9-m778-g6mc | bl           | -       | Memory Exposure in bl
medium   | GHSA-vh95-rmgr-6w4m | minimist     | -       | Prototype Pollution in minimist
low      | GHSA-c6rq-rjc2-86v2 | chownr       | -       | Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
low      | GHSA-2mhh-w6q8-5hxw | ws           | -       | Remote Memory Disclosure in ws

Credential Findings (4)

Severity | Pattern                                                                  | File                      | Line
high     | [sast:aljefra/taint-path-traversal] Path Traversal via Tainted Data      | Opus46/lib/files.js       | 90
high     | [sast:aljefra/ssrf-http-client] SSRF via HTTP Client with Dynamic URL    | Opus46/public/sw.js       | 24
high     | [sast:aljefra/ssrf-http-client] SSRF via HTTP Client with Dynamic URL    | Opus46/public/sw.js       | 30
high     | Telegram Bot Token                                                       | telegram-claude-bridge.js | 11