← Back to search

@kevinrabun/judges

KevinRabun MIT 5 stars Scanned 48d ago

45 specialized judges that evaluate AI-generated code for security, cost, and quality.

D
40 / 100

Versions

1.0.0 latest
May 20, 2026
3.129.9
Apr 7, 2026
3.129.8
Apr 6, 2026
3.129.7
Apr 6, 2026
3.129.6
Apr 6, 2026
+ show 96 more show less
3.129.5
Apr 6, 2026
3.129.4
Apr 5, 2026
3.129.3
Apr 5, 2026
3.129.2
Apr 5, 2026
3.129.1
Apr 5, 2026
3.129.0
Apr 5, 2026
3.128.3
Apr 5, 2026
3.128.2
Apr 4, 2026
3.128.1
Apr 4, 2026
3.128.0
Apr 4, 2026
3.127.3
Apr 4, 2026
3.127.2
Apr 4, 2026
3.127.1
Apr 4, 2026
3.127.0
Apr 3, 2026
3.126.2
Apr 3, 2026
3.126.1
Apr 2, 2026
3.126.0
Apr 2, 2026
3.125.0
Apr 1, 2026
3.124.5
Mar 29, 2026
3.124.4
Mar 28, 2026
3.124.3
Mar 28, 2026
3.124.2
Mar 28, 2026
3.124.1
Mar 28, 2026
3.124.0
Mar 28, 2026
3.123.5
Mar 27, 2026
3.123.4
Mar 27, 2026
3.123.3
Mar 26, 2026
3.123.2
Mar 26, 2026
3.123.1
Mar 26, 2026
3.123.0
Mar 26, 2026
3.122.0
Mar 20, 2026
3.121.0
Mar 20, 2026
3.119.0
Mar 20, 2026
3.118.0
Mar 19, 2026
3.117.8
Mar 19, 2026
3.117.7
Mar 19, 2026
3.117.6
Mar 19, 2026
3.117.5
Mar 19, 2026
3.117.4
Mar 19, 2026
3.117.3
Mar 18, 2026
3.117.2
Mar 18, 2026
3.117.1
Mar 18, 2026
3.117.0
Mar 18, 2026
3.116.0
Mar 18, 2026
3.115.4
Mar 18, 2026
3.115.3
Mar 18, 2026
3.115.2
Mar 17, 2026
3.115.1
Mar 17, 2026
3.115.0
Mar 17, 2026
3.114.0
Mar 17, 2026
3.113.0
Mar 17, 2026
3.112.0
Mar 15, 2026
3.111.0
Mar 15, 2026
3.110.0
Mar 15, 2026
3.109.0
Mar 15, 2026
3.108.0
Mar 15, 2026
3.107.0
Mar 15, 2026
3.106.0
Mar 15, 2026
3.105.0
Mar 15, 2026
3.104.0
Mar 15, 2026
3.103.0
Mar 15, 2026
3.102.0
Mar 15, 2026
3.101.0
Mar 15, 2026
3.100.0
Mar 15, 2026
3.99.0
Mar 15, 2026
3.98.0
Mar 15, 2026
3.97.0
Mar 15, 2026
3.96.0
Mar 15, 2026
3.95.0
Mar 15, 2026
3.94.0
Mar 15, 2026
3.93.0
Mar 15, 2026
3.92.0
Mar 15, 2026
3.91.0
Mar 15, 2026
3.90.0
Mar 15, 2026
3.89.0
Mar 15, 2026
3.88.0
Mar 15, 2026
3.87.0
Mar 15, 2026
3.86.0
Mar 15, 2026
3.85.0
Mar 14, 2026
3.84.0
Mar 14, 2026
3.83.0
Mar 14, 2026
3.82.0
Mar 14, 2026
3.81.0
Mar 14, 2026
3.80.0
Mar 14, 2026
3.79.0
Mar 14, 2026
3.78.0
Mar 14, 2026
3.77.0
Mar 14, 2026
3.76.0
Mar 14, 2026
3.75.0
Mar 14, 2026
3.74.0
Mar 14, 2026
3.73.0
Mar 14, 2026
3.72.0
Mar 14, 2026
3.71.0
Mar 14, 2026
3.70.0
Mar 14, 2026
3.69.0
Mar 14, 2026
3.68.0
Mar 14, 2026
PermissionsTool SafetyAuthAnnotationsCode QualityStabilitySpecVuln HistoryAuthorTransparencyCommunity

Tools 25

get_judges
annotations: none low

List all available judges on the Agent Tribunal panel, including their areas of expertise and what they evaluate.

evaluate_policy_aware
annotations: none low

Run policy-aware tribunal evaluation with named policy profiles (startup, regulated, healthcare, fintech, public-sector), evidence calibration from runtime metrics, specialty-per-judge feedback, confidence scoring, and uncertainty reporting. Use this when code must meet specific compliance or vertical requirements.

code string path string content string context string language string testSummary string p95LatencyMs number coveragePercent number deploymentNotes string errorRatePercent number architectureNotes string dataBoundaryModel string includeAstFindings boolean dependencyVulnerabilityCount number
list_files
annotations: none low

List files and directories in the workspace. Useful for exploring project structure before evaluating code.

path string
read_file
annotations: none low

Read the contents of a file in the workspace. Returns the file text, or an error if the file is too large or missing.

path string endLine number startLine number
evaluate_with_progress
annotations: none low

Evaluate code with progressive judge-by-judge reporting. Returns intermediate counts as each judge completes, useful for large files where full tribunal takes time.

code string language string
scaffold_judge
annotations: none low

Generate the boilerplate files to add a new judge to the Judges Panel. Creates the judge definition (with self-registration), evaluator skeleton, and tells you the one line to add to index.ts. Validates that the judge ID and rule prefix are unique.

name string domain string description string
scaffold_plugin
annotations: none low

Generate a starter plugin template for the Judges Panel. Creates a self-contained plugin file with custom rules, optional custom judges, and lifecycle hooks.

name string dryRun boolean version string outputPath string description string includeHooks boolean includeCustomJudge boolean
evaluate_public_repo_report
annotations: none low

Clone a public repository URL, run the full judges panel across source files, and generate a consolidated markdown report.

branch string repoUrl string keepClone boolean outputPath string includeAstFindings boolean
evaluate_app_builder_flow
annotations: none low

Run a 3-step app-builder workflow: tribunal review, plain-language risk translation, and prioritized remediation tasks with AI-fixable P0/P1 items.

code string path string content string context string language string maxTasks number maxFindings number includeAstFindings boolean
analyze_dependencies
annotations: none low

Analyze a PACKAGE MANAGER manifest file (NOT infrastructure code) for supply-chain risks, version pinning issues, typosquatting indicators, and dependency hygiene. ONLY accepts: package.json, requirements.txt, Cargo.toml, go.mod, pom.xml, .csproj. Do NOT use this for Bicep, Terraform, ARM templates, CloudFormation, Dockerfiles, or any other infrastructure/deployment configuration — use evaluate_code or evaluate_code_single_judge for those.

manifest string
benchmark_gate
annotations: none low

Run the benchmark suite and check results against quality thresholds. Returns pass/fail with metric details including F1, precision, recall, and detection rate. Use in CI pipelines to prevent quality regressions.

minF1 number minRecall number minPrecision number minDetectionRate number
run_benchmark
annotations: none low

Run the full benchmark suite and return a detailed dashboard with per-judge, per-category, and per-difficulty breakdowns. Includes precision, recall, F1, false positive rates, and individual case results. Use this to understand overall system quality and identify weak spots.

evaluate_batch
annotations: none low

Evaluate multiple code files in a single call. Returns per-file verdicts with scores and findings, plus aggregate statistics.

code string path string language string
evaluate_then_fix
annotations: none low

Evaluate code and automatically generate fix patches for all findings that have auto-fix support. Returns the evaluation verdict alongside ready-to-apply patches. Use this for a single-step

code string context string language string includeAstFindings boolean
evaluate_focused
annotations: none low

Run a focused evaluation using only the specified judges. Use this after an initial full evaluation to re-check specific areas — for example, re-run only

code string context string language string includeAstFindings boolean
session_status
annotations: none low

Get the current evaluation session status — how many evaluations have been run, detected frameworks, verdict history per file, and stability indicators. Useful for understanding what the tribunal has already reviewed.

record_feedback
annotations: none low

Record user feedback on a finding — mark it as a true positive (tp), false positive (fp), or won

ruleId string
evaluate_git_diff
annotations: none low

Evaluate code changes from a git diff. Parses the unified diff from a git repository, identifies changed files and lines, and runs the full tribunal on each changed file — filtering findings to only those on changed lines. Supports both live git repos (provide repoPath + base ref) and pre-computed diffs (provide diffText).

explain_finding
annotations: none low

Explain a Judges Panel finding in plain language. Provides OWASP/CWE references, risk context, and remediation guidance based on the rule ID and finding details.

title string ruleId string severity string codeSnippet string description string
triage_finding
annotations: none low

Set the triage status of a tracked finding. Records the decision (accepted-risk, deferred, wont-fix, false-positive) with attribution and reason. Feeds back into calibration to reduce future false positives.

reason string ruleId string triagedBy string
get_finding_stats
annotations: none low

Get finding lifecycle statistics for the project: open, fixed, recurring, and triaged finding counts plus trends. Shows whether code quality is improving or declining over evaluation runs.

get_suppression_analytics
annotations: none low

Analyze finding suppression patterns: FP rates by rule, suppression rates by judge, auto-suppress candidates, and actionable recommendations for tuning. Use this to understand which rules need calibration.

list_triaged_findings
annotations: none low

List findings that have been triaged (accepted-risk, deferred, wont-fix, false-positive). Optionally filter by triage status. Shows the triage decision, reason, and who made it.

re_evaluate_with_context
annotations: none low

Re-evaluate code with developer-provided context from a multi-turn conversation. Accepts disputed findings, accepted findings, and additional context to adjust the evaluation. This is the agentic feedback loop — the developer explains their intent and the tribunal re-evaluates with that context, applying auto-tune and confidence filtering.

code string path string snippet string filePath string language string relationship string
fix_code
annotations: none low

Evaluate code with the Judges Panel and automatically apply all available auto-fix patches. Returns the fixed code along with a summary of applied and remaining findings. Use this to fix security, performance, and quality issues in a single step.

code string

Permissions 5

network medium
Server uses network capabilities via: axios, fetch(), http, https, node-fetch, requests
filesystem low
Server uses filesystem capabilities via: fs, fs sync ops, fs.promises, open(), os, path
shell high
Server uses shell capabilities via: child_process, execSync(), os.system(), spawn()
database medium
Server uses database capabilities via: @prisma/client, mongodb, mysql, pg, sqlite3
env_vars low
Server uses env_vars capabilities via: process.env

Scan Findings 326

critical
AWS Access Key ID found in content/snippets/rust/rs-07-xss-reflect.rs secret_scanner · 95%
info
Tool: get_judges manifest_parser · 70%
info
Tool: evaluate_policy_aware manifest_parser · 70%
info
Tool: list_files manifest_parser · 70%
info
Tool: read_file manifest_parser · 70%
info
Tool: evaluate_with_progress manifest_parser · 70%
info
Tool: scaffold_judge manifest_parser · 70%
info
Tool: scaffold_plugin manifest_parser · 70%
info
Tool: evaluate_public_repo_report manifest_parser · 70%
info
Tool: evaluate_app_builder_flow manifest_parser · 70%
info
Tool: analyze_dependencies manifest_parser · 70%
info
Tool: benchmark_gate manifest_parser · 70%
info
Tool: run_benchmark manifest_parser · 70%
info
Tool: evaluate_batch manifest_parser · 70%
info
Tool: evaluate_then_fix manifest_parser · 70%
info
Tool: evaluate_focused manifest_parser · 70%
info
Tool: session_status manifest_parser · 70%
info
Tool: record_feedback manifest_parser · 70%
info
Tool: evaluate_git_diff manifest_parser · 70%
info
Tool: explain_finding manifest_parser · 70%
info
Tool: triage_finding manifest_parser · 70%
info
Tool: get_finding_stats manifest_parser · 70%
info
Tool: get_suppression_analytics manifest_parser · 70%
info
Tool: list_triaged_findings manifest_parser · 70%
info
Tool: re_evaluate_with_context manifest_parser · 70%
info
Tool: fix_code manifest_parser · 70%
info
Transport: stdio manifest_parser · 90%
info
Required env vars (134) manifest_parser · 80%
low
Tool 'get_judges' has no annotations annotation_checker · 100%
low
Tool 'evaluate_policy_aware' has no annotations annotation_checker · 100%
low
Tool 'list_files' has no annotations annotation_checker · 100%
low
Tool 'read_file' has no annotations annotation_checker · 100%
low
Tool 'evaluate_with_progress' has no annotations annotation_checker · 100%
low
Tool 'scaffold_judge' has no annotations annotation_checker · 100%
low
Tool 'scaffold_plugin' has no annotations annotation_checker · 100%
low
Tool 'evaluate_public_repo_report' has no annotations annotation_checker · 100%
low
Tool 'evaluate_app_builder_flow' has no annotations annotation_checker · 100%
low
Tool 'analyze_dependencies' has no annotations annotation_checker · 100%
low
Tool 'benchmark_gate' has no annotations annotation_checker · 100%
low
Tool 'run_benchmark' has no annotations annotation_checker · 100%
low
Tool 'evaluate_batch' has no annotations annotation_checker · 100%
low
Tool 'evaluate_then_fix' has no annotations annotation_checker · 100%
low
Tool 'evaluate_focused' has no annotations annotation_checker · 100%
low
Tool 'session_status' has no annotations annotation_checker · 100%
low
Tool 'record_feedback' has no annotations annotation_checker · 100%
low
Tool 'evaluate_git_diff' has no annotations annotation_checker · 100%
low
Tool 'explain_finding' has no annotations annotation_checker · 100%
low
Tool 'triage_finding' has no annotations annotation_checker · 100%
low
Tool 'get_finding_stats' has no annotations annotation_checker · 100%
low
Tool 'get_suppression_analytics' has no annotations annotation_checker · 100%
low
Tool 'list_triaged_findings' has no annotations annotation_checker · 100%
low
Tool 're_evaluate_with_context' has no annotations annotation_checker · 100%
low
Tool 'fix_code' has no annotations annotation_checker · 100%
high
Hardcoded API key in tests/judges.test.ts auth_checker · 90%
high
Hardcoded API key in tests/subsystems.test.ts auth_checker · 90%
medium
Permission: network access detected permission_analyzer · 90%
low
Permission: filesystem access detected permission_analyzer · 90%
high
Permission: shell access detected permission_analyzer · 95%
medium
Permission: database access detected permission_analyzer · 90%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Vulnerable dependency: @anthropic-ai/sdk@0.81.0 (GHSA-p7fg-763f-g4gf) dependency_analyzer · 95%
high
Hardcoded Password found in CHANGELOG.md secret_scanner · 65%
high
Hardcoded Password found in README.md secret_scanner · 65%
critical
AWS Access Key ID found in content/snippets/go/go-01-auth-bypass.go secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/go/go-07-xss-reflect.go secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/go/go-07-xss-reflect.go secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/go/go-04-hardcoded-secret.go secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/go/go-04-hardcoded-secret.go secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/go/go-02-command-injection.go secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/go/go-02-command-injection.go secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/python/py-03-command-injection.py secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/python/py-03-command-injection.py secret_scanner · 75%
high
Generic API Key Assignment found in content/snippets/python/py-05-hardcoded-secret.py secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/python/py-01-auth-bypass.py secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/typescript/ts-07-xss-reflect.ts secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/typescript/ts-07-xss-reflect.ts secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/typescript/ts-03-hardcoded-secret.ts secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/typescript/ts-03-hardcoded-secret.ts secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/typescript/ts-01-auth-bypass.ts secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/rust/rs-04-hardcoded-secret.rs secret_scanner · 95%
info
package.json metadata manifest_parser · 100%
critical
AWS Access Key ID found in content/snippets/rust/rs-01-auth-bypass.rs secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/java/java-01-auth-bypass.java secret_scanner · 95%
high
Hardcoded Password found in content/snippets/java/java-03-hardcoded-secret.java secret_scanner · 65%
high
Hardcoded Password found in content/snippets/java/java-02-sql-injection.java secret_scanner · 65%
critical
AWS Access Key ID found in content/snippets/java/java-07-xss-reflect.java secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/java/java-07-xss-reflect.java secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/java/java-04-path-traversal.java secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/cpp/cpp-04-hardcoded-secret.cpp secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/cpp/cpp-04-hardcoded-secret.cpp secret_scanner · 75%
high
Hardcoded Password found in content/snippets/cpp/cpp-05-path-traversal.cpp secret_scanner · 65%
critical
AWS Access Key ID found in content/snippets/cpp/cpp-01-auth-bypass.cpp secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/cpp/cpp-02-command-injection.cpp secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/cpp/cpp-02-command-injection.cpp secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/cpp/cpp-07-buffer-overflow.cpp secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/cpp/cpp-07-buffer-overflow.cpp secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/cpp/cpp-08-format-string.cpp secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/cpp/cpp-08-format-string.cpp secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/csharp/cs-03-hardcoded-secret.cs secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/csharp/cs-03-hardcoded-secret.cs secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/csharp/cs-08-command-injection.cs secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/csharp/cs-08-command-injection.cs secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/csharp/cs-06-unsafe-deserialize.cs secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/csharp/cs-01-auth-bypass.cs secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/csharp/cs-07-xss-reflect.cs secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/csharp/cs-07-xss-reflect.cs secret_scanner · 75%
high
Hardcoded Password found in content/snippets/csharp/cs-04-path-traversal.cs secret_scanner · 65%
critical
Database URL with Password found in content/snippets/javascript/js-03-hardcoded-secret.js secret_scanner · 85%
high
Hardcoded Password found in content/snippets/javascript/js-03-hardcoded-secret.js secret_scanner · 65%
high
Hardcoded Password found in docs/real-world-evidence.md secret_scanner · 65%
high
Generic API Key Assignment found in docs/playground.html secret_scanner · 75%
high
Hardcoded Password found in docs/playground.html secret_scanner · 65%
high
Hardcoded Password found in examples/quickstart.ts secret_scanner · 65%
high
Generic API Key Assignment found in examples/sample-vulnerable-api.ts secret_scanner · 75%
critical
Database URL with Password found in examples/sample-vulnerable-api.ts secret_scanner · 85%
high
Hardcoded Password found in examples/sample-vulnerable-api.ts secret_scanner · 65%
high
Generic API Key Assignment found in scripts/debug-missed.ts secret_scanner · 75%
high
Hardcoded Password found in src/evaluators/false-positive-review.ts secret_scanner · 65%
high
Hardcoded Password found in src/commands/benchmark-coverage-gaps.ts secret_scanner · 65%
critical
AWS Access Key ID found in src/commands/benchmark-expanded.ts secret_scanner · 95%
high
Generic API Key Assignment found in src/commands/benchmark-expanded.ts secret_scanner · 75%
critical
Database URL with Password found in src/commands/benchmark-expanded.ts secret_scanner · 85%
high
Hardcoded Password found in src/commands/benchmark-expanded.ts secret_scanner · 65%
critical
AWS Access Key ID found in src/commands/benchmark-quality-ops.ts secret_scanner · 95%
critical
AWS Secret Access Key found in src/commands/benchmark-languages.ts secret_scanner · 90%
high
Generic API Key Assignment found in src/commands/benchmark-languages.ts secret_scanner · 75%
high
Hardcoded Password found in src/commands/benchmark-languages.ts secret_scanner · 65%
critical
AWS Access Key ID found in src/commands/benchmark-infrastructure.ts secret_scanner · 95%
critical
AWS Secret Access Key found in src/commands/benchmark-infrastructure.ts secret_scanner · 90%
critical
RSA Private Key found in src/commands/benchmark-infrastructure.ts secret_scanner · 95%
critical
Stripe Key found in src/commands/benchmark-infrastructure.ts secret_scanner · 90%
critical
Database URL with Password found in src/commands/benchmark-infrastructure.ts secret_scanner · 85%
high
Hardcoded Password found in src/commands/benchmark-infrastructure.ts secret_scanner · 65%
critical
AWS Access Key ID found in src/commands/benchmark-security-deep.ts secret_scanner · 95%
critical
AWS Secret Access Key found in src/commands/benchmark-security-deep.ts secret_scanner · 90%
high
Generic API Key Assignment found in src/commands/benchmark-security-deep.ts secret_scanner · 75%
critical
Database URL with Password found in src/commands/benchmark-security-deep.ts secret_scanner · 85%
high
Hardcoded Password found in src/commands/benchmark-security-deep.ts secret_scanner · 65%
critical
AWS Access Key ID found in src/commands/benchmark-ai-agents.ts secret_scanner · 95%
critical
AWS Secret Access Key found in src/commands/benchmark-ai-agents.ts secret_scanner · 90%
high
Generic API Key Assignment found in src/commands/benchmark-ai-agents.ts secret_scanner · 75%
critical
Database URL with Password found in src/commands/benchmark-ai-agents.ts secret_scanner · 85%
high
Generic API Key Assignment found in src/commands/snippet-eval.ts secret_scanner · 75%
critical
Database URL with Password found in src/commands/benchmark-multi-file.ts secret_scanner · 85%
critical
AWS Access Key ID found in src/commands/benchmark-advanced.ts secret_scanner · 95%
critical
AWS Secret Access Key found in src/commands/benchmark-advanced.ts secret_scanner · 90%
high
Generic API Key Assignment found in src/commands/benchmark-advanced.ts secret_scanner · 75%
critical
Database URL with Password found in src/commands/benchmark-advanced.ts secret_scanner · 85%
high
Hardcoded Password found in src/commands/benchmark-advanced.ts secret_scanner · 65%
high
Generic API Key Assignment found in src/commands/benchmark-expanded-2.ts secret_scanner · 75%
high
Hardcoded Password found in src/commands/benchmark-expanded-2.ts secret_scanner · 65%
high
Generic API Key Assignment found in src/commands/benchmark.ts secret_scanner · 75%
high
Hardcoded Password found in src/commands/benchmark.ts secret_scanner · 65%
high
Hardcoded Password found in src/commands/coach-mode.ts secret_scanner · 65%
medium
Buffer.from base64 in src/evaluators/data-security.ts:403 entropy_analyzer · 75%
medium
High-entropy string (5.95 bits/char) in src/commands/benchmark-coverage-gaps.ts:177 entropy_analyzer · 54%
info
SLSA Build Level 3 detected slsa_assessor · 85%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 551 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%
high
Permission: shell access detected permission_analyzer · 95%
medium
Permission: database access detected permission_analyzer · 90%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Vulnerable dependency: @anthropic-ai/sdk@0.81.0 (GHSA-p7fg-763f-g4gf) dependency_analyzer · 95%
high
Hardcoded Password found in CHANGELOG.md secret_scanner · 65%
high
Hardcoded Password found in README.md secret_scanner · 65%
critical
AWS Access Key ID found in content/snippets/go/go-01-auth-bypass.go secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/go/go-07-xss-reflect.go secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/go/go-07-xss-reflect.go secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/go/go-04-hardcoded-secret.go secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/go/go-04-hardcoded-secret.go secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/go/go-02-command-injection.go secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/go/go-02-command-injection.go secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/python/py-03-command-injection.py secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/python/py-03-command-injection.py secret_scanner · 75%
high
Generic API Key Assignment found in content/snippets/python/py-05-hardcoded-secret.py secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/python/py-01-auth-bypass.py secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/typescript/ts-07-xss-reflect.ts secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/typescript/ts-07-xss-reflect.ts secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/typescript/ts-03-hardcoded-secret.ts secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/typescript/ts-03-hardcoded-secret.ts secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/typescript/ts-01-auth-bypass.ts secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/rust/rs-04-hardcoded-secret.rs secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/rust/rs-07-xss-reflect.rs secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/rust/rs-01-auth-bypass.rs secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/java/java-01-auth-bypass.java secret_scanner · 95%
high
Hardcoded Password found in content/snippets/java/java-03-hardcoded-secret.java secret_scanner · 65%
high
Hardcoded Password found in content/snippets/java/java-02-sql-injection.java secret_scanner · 65%
critical
AWS Access Key ID found in content/snippets/java/java-07-xss-reflect.java secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/java/java-07-xss-reflect.java secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/java/java-04-path-traversal.java secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/cpp/cpp-04-hardcoded-secret.cpp secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/cpp/cpp-04-hardcoded-secret.cpp secret_scanner · 75%
high
Hardcoded Password found in content/snippets/cpp/cpp-05-path-traversal.cpp secret_scanner · 65%
critical
AWS Access Key ID found in content/snippets/cpp/cpp-01-auth-bypass.cpp secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/cpp/cpp-02-command-injection.cpp secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/cpp/cpp-02-command-injection.cpp secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/cpp/cpp-07-buffer-overflow.cpp secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/cpp/cpp-07-buffer-overflow.cpp secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/cpp/cpp-08-format-string.cpp secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/cpp/cpp-08-format-string.cpp secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/csharp/cs-03-hardcoded-secret.cs secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/csharp/cs-03-hardcoded-secret.cs secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/csharp/cs-08-command-injection.cs secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/csharp/cs-08-command-injection.cs secret_scanner · 75%
critical
AWS Access Key ID found in content/snippets/csharp/cs-06-unsafe-deserialize.cs secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/csharp/cs-01-auth-bypass.cs secret_scanner · 95%
critical
AWS Access Key ID found in content/snippets/csharp/cs-07-xss-reflect.cs secret_scanner · 95%
high
Generic API Key Assignment found in content/snippets/csharp/cs-07-xss-reflect.cs secret_scanner · 75%
high
Hardcoded Password found in content/snippets/csharp/cs-04-path-traversal.cs secret_scanner · 65%
critical
Database URL with Password found in content/snippets/javascript/js-03-hardcoded-secret.js secret_scanner · 85%
high
Hardcoded Password found in content/snippets/javascript/js-03-hardcoded-secret.js secret_scanner · 65%
high
Hardcoded Password found in docs/real-world-evidence.md secret_scanner · 65%
high
Generic API Key Assignment found in docs/playground.html secret_scanner · 75%
high
Hardcoded Password found in docs/playground.html secret_scanner · 65%
high
Hardcoded Password found in examples/quickstart.ts secret_scanner · 65%
high
Generic API Key Assignment found in examples/sample-vulnerable-api.ts secret_scanner · 75%
critical
Database URL with Password found in examples/sample-vulnerable-api.ts secret_scanner · 85%
high
Hardcoded Password found in examples/sample-vulnerable-api.ts secret_scanner · 65%
high
Generic API Key Assignment found in scripts/debug-missed.ts secret_scanner · 75%
info
SBOM generated: 551 components sbom_generator · 100%
high
Hardcoded Password found in src/evaluators/false-positive-review.ts secret_scanner · 65%
high
Hardcoded Password found in src/commands/benchmark-coverage-gaps.ts secret_scanner · 65%
critical
AWS Access Key ID found in src/commands/benchmark-expanded.ts secret_scanner · 95%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%
high
Generic API Key Assignment found in src/commands/benchmark-expanded.ts secret_scanner · 75%
critical
Database URL with Password found in src/commands/benchmark-expanded.ts secret_scanner · 85%
high
Hardcoded Password found in src/commands/benchmark-expanded.ts secret_scanner · 65%
critical
AWS Access Key ID found in src/commands/benchmark-quality-ops.ts secret_scanner · 95%
critical
AWS Secret Access Key found in src/commands/benchmark-languages.ts secret_scanner · 90%
high
Generic API Key Assignment found in src/commands/benchmark-languages.ts secret_scanner · 75%
high
Hardcoded Password found in src/commands/benchmark-languages.ts secret_scanner · 65%
critical
AWS Access Key ID found in src/commands/benchmark-infrastructure.ts secret_scanner · 95%
critical
AWS Secret Access Key found in src/commands/benchmark-infrastructure.ts secret_scanner · 90%
critical
RSA Private Key found in src/commands/benchmark-infrastructure.ts secret_scanner · 95%
critical
Stripe Key found in src/commands/benchmark-infrastructure.ts secret_scanner · 90%
critical
Database URL with Password found in src/commands/benchmark-infrastructure.ts secret_scanner · 85%
high
Hardcoded Password found in src/commands/benchmark-infrastructure.ts secret_scanner · 65%
critical
AWS Access Key ID found in src/commands/benchmark-security-deep.ts secret_scanner · 95%
critical
AWS Secret Access Key found in src/commands/benchmark-security-deep.ts secret_scanner · 90%
high
Generic API Key Assignment found in src/commands/benchmark-security-deep.ts secret_scanner · 75%
critical
Database URL with Password found in src/commands/benchmark-security-deep.ts secret_scanner · 85%
high
Hardcoded Password found in src/commands/benchmark-security-deep.ts secret_scanner · 65%
critical
AWS Access Key ID found in src/commands/benchmark-ai-agents.ts secret_scanner · 95%
critical
AWS Secret Access Key found in src/commands/benchmark-ai-agents.ts secret_scanner · 90%
high
Generic API Key Assignment found in src/commands/benchmark-ai-agents.ts secret_scanner · 75%
critical
Database URL with Password found in src/commands/benchmark-ai-agents.ts secret_scanner · 85%
high
Generic API Key Assignment found in src/commands/snippet-eval.ts secret_scanner · 75%
critical
Database URL with Password found in src/commands/benchmark-multi-file.ts secret_scanner · 85%
critical
AWS Access Key ID found in src/commands/benchmark-advanced.ts secret_scanner · 95%
critical
AWS Secret Access Key found in src/commands/benchmark-advanced.ts secret_scanner · 90%
high
Generic API Key Assignment found in src/commands/benchmark-advanced.ts secret_scanner · 75%
critical
Database URL with Password found in src/commands/benchmark-advanced.ts secret_scanner · 85%
high
Hardcoded Password found in src/commands/benchmark-advanced.ts secret_scanner · 65%
high
Generic API Key Assignment found in src/commands/benchmark-expanded-2.ts secret_scanner · 75%
high
Hardcoded Password found in src/commands/benchmark-expanded-2.ts secret_scanner · 65%
high
Generic API Key Assignment found in src/commands/benchmark.ts secret_scanner · 75%
high
Hardcoded Password found in src/commands/benchmark.ts secret_scanner · 65%
high
Hardcoded Password found in src/commands/coach-mode.ts secret_scanner · 65%
medium
Buffer.from base64 in src/evaluators/data-security.ts:403 entropy_analyzer · 75%
medium
High-entropy string (5.95 bits/char) in src/commands/benchmark-coverage-gaps.ts:177 entropy_analyzer · 54%
info
SLSA Build Level 3 detected slsa_assessor · 85%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
package.json metadata manifest_parser · 100%
info
Tool: get_judges manifest_parser · 70%
info
Tool: evaluate_policy_aware manifest_parser · 70%
info
Tool: list_files manifest_parser · 70%
info
Tool: read_file manifest_parser · 70%
info
Tool: evaluate_with_progress manifest_parser · 70%
info
Tool: scaffold_judge manifest_parser · 70%
info
Tool: scaffold_plugin manifest_parser · 70%
info
Tool: evaluate_public_repo_report manifest_parser · 70%
info
Tool: evaluate_app_builder_flow manifest_parser · 70%
info
Tool: analyze_dependencies manifest_parser · 70%
info
Tool: benchmark_gate manifest_parser · 70%
info
Tool: run_benchmark manifest_parser · 70%
info
Tool: evaluate_batch manifest_parser · 70%
info
Tool: evaluate_then_fix manifest_parser · 70%
info
Tool: evaluate_focused manifest_parser · 70%
info
Tool: session_status manifest_parser · 70%
info
Tool: record_feedback manifest_parser · 70%
info
Tool: evaluate_git_diff manifest_parser · 70%
info
Tool: explain_finding manifest_parser · 70%
info
Tool: triage_finding manifest_parser · 70%
info
Tool: get_finding_stats manifest_parser · 70%
info
Tool: get_suppression_analytics manifest_parser · 70%
info
Tool: list_triaged_findings manifest_parser · 70%
info
Tool: re_evaluate_with_context manifest_parser · 70%
info
Tool: fix_code manifest_parser · 70%
info
Transport: stdio manifest_parser · 90%
info
Required env vars (134) manifest_parser · 80%
low
Tool 'get_judges' has no annotations annotation_checker · 100%
low
Tool 'evaluate_policy_aware' has no annotations annotation_checker · 100%
low
Tool 'list_files' has no annotations annotation_checker · 100%
low
Tool 'read_file' has no annotations annotation_checker · 100%
low
Tool 'evaluate_with_progress' has no annotations annotation_checker · 100%
low
Tool 'scaffold_judge' has no annotations annotation_checker · 100%
low
Tool 'scaffold_plugin' has no annotations annotation_checker · 100%
low
Tool 'evaluate_public_repo_report' has no annotations annotation_checker · 100%
low
Tool 'evaluate_app_builder_flow' has no annotations annotation_checker · 100%
low
Tool 'analyze_dependencies' has no annotations annotation_checker · 100%
low
Tool 'benchmark_gate' has no annotations annotation_checker · 100%
low
Tool 'run_benchmark' has no annotations annotation_checker · 100%
low
Tool 'evaluate_batch' has no annotations annotation_checker · 100%
low
Tool 'evaluate_then_fix' has no annotations annotation_checker · 100%
low
Tool 'evaluate_focused' has no annotations annotation_checker · 100%
low
Tool 'session_status' has no annotations annotation_checker · 100%
low
Tool 'record_feedback' has no annotations annotation_checker · 100%
low
Tool 'evaluate_git_diff' has no annotations annotation_checker · 100%
low
Tool 'explain_finding' has no annotations annotation_checker · 100%
low
Tool 'triage_finding' has no annotations annotation_checker · 100%
low
Tool 'get_finding_stats' has no annotations annotation_checker · 100%
low
Tool 'get_suppression_analytics' has no annotations annotation_checker · 100%
low
Tool 'list_triaged_findings' has no annotations annotation_checker · 100%
low
Tool 're_evaluate_with_context' has no annotations annotation_checker · 100%
low
Tool 'fix_code' has no annotations annotation_checker · 100%
high
Hardcoded API key in tests/judges.test.ts auth_checker · 90%
high
Hardcoded API key in tests/subsystems.test.ts auth_checker · 90%
medium
Permission: network access detected permission_analyzer · 90%
low
Permission: filesystem access detected permission_analyzer · 90%