Home / NVIDIA / NemoClaw
Repository Analysis

NVIDIA/NemoClaw

Run agents like Hermes and OpenClaw more securely inside NVIDIA OpenShell with managed inference

13.8 Low AI signal View on GitHub
13.8
Adjusted Score
13.8
Raw Score
100%
Time Factor
2026-05-30
Last Push
20,722
Stars
TypeScript
Language
381,969
Lines of Code
1605
Files
2796
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 36MEDIUM 1106LOW 1654

Pattern Findings

2796 matches across 14 categories. Click a row to expand file-level details.

Decorative Section Separators1088 hits · 3368 pts
SeverityFileLineSnippet
MEDIUM.pre-commit-config.yaml36 # ── Priority 0: general file fixers ───────────────────────────────────────
MEDIUM.pre-commit-config.yaml51 # ── Priority 0: reject force-added ignored files ───────────────────────────
MEDIUM.pre-commit-config.yaml76 # ── Priority 3: sync generated docs before read-only validation ───────────
MEDIUM.pre-commit-config.yaml87 # ── Priority 5: formatters ────────────────────────────────────────────────
MEDIUM.pre-commit-config.yaml110 # ── Priority 6: auto-fix after formatting ─────────────────────────────────
MEDIUM.pre-commit-config.yaml121 # ── Priority 10: linters and validation ─────────────────────────────────────
MEDIUM.pre-commit-config.yaml213 # ── commit-msg hooks ────────────────────────────────────────────────────────
MEDIUM.pre-commit-config.yaml222 # ── pre-push hooks ─────────────────────────────────────────────────────────
MEDIUM.pre-commit-config.yaml262 # ── post-merge / post-checkout: warn about stale compiled dist/ ───────────
MEDIUM.pre-commit-config.yaml278 # ── Priority 20: project-level checks (coverage + ratchet) ─────────────────
MEDIUM.coderabbit.yaml117 # ── E2E test recommendations ──────────────────────────────────
MEDIUM.coderabbit.yaml566 # ── Split cloud-experimental tests (#2644) ──────────────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts290// ─── Scenario 1 ─── destructive path preserved for `connect` ───────────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts318// ─── Scenario 2 ─── destructive path preserved for `status` ────────────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts350// ─── Scenario 3 ─── self-heal via gateway select succeeds ──────────────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts421// ─── Scenario 5 ─── exact #2276 repro: registry entry still present ────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts421// ─── Scenario 5 ─── exact #2276 repro: registry entry still present ────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts450// ─── Scenario 6 ─── nemoclaw gateway missing + NotFound ────────────────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts482// ─── Scenario 7 ─── nemoclaw gateway unreachable + NotFound ────────────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts514// ─── Scenario 8 ─── gateway info fails / unparseable ───────────────────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts543// ─── Scenario 9 ─── openshell status empty / malformed ─────────────────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts595// ─── Scenario 10 ─── non-interactive mode: no prompts ──────────────────────
MEDIUMtest/gateway-state-reconcile-2276.test.ts625// ─── Scenario 11 ─── cross-command parity: status drifts same way ──────────
MEDIUMtest/validate-config-schemas.test.ts93// ── Validation target discovery ─────────────────────────────────────────────
MEDIUMtest/validate-config-schemas.test.ts121// ── Blueprint ────────────────────────────────────────────────────────────────
MEDIUMtest/validate-config-schemas.test.ts215// ── Model Router pool config ────────────────────────────────────────────────
MEDIUMtest/validate-config-schemas.test.ts247// ── Base sandbox policy ──────────────────────────────────────────────────────
MEDIUMtest/validate-config-schemas.test.ts380// ── Policy presets ───────────────────────────────────────────────────────────
MEDIUMtest/validate-config-schemas.test.ts508// ── OpenClaw plugin manifest ─────────────────────────────────────────────────
MEDIUMtest/validate-config-schemas.test.ts561// ── Model-Specific Setup ────────────────────────────────────────────────────
MEDIUMtest/e2e-non-root-smoke.sh93# ── Summary ─────────────────────────────────────────────────────
MEDIUMtest/security-sandbox-tar-traversal.test.ts20// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-sandbox-tar-traversal.test.ts22// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-sandbox-tar-traversal.test.ts149// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-sandbox-tar-traversal.test.ts151// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-sandbox-tar-traversal.test.ts157// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-sandbox-tar-traversal.test.ts188// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-sandbox-tar-traversal.test.ts190// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-c4-manifest-traversal.test.ts17// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-c4-manifest-traversal.test.ts19// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-c4-manifest-traversal.test.ts193// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-c4-manifest-traversal.test.ts195// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-c4-manifest-traversal.test.ts258// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/security-c4-manifest-traversal.test.ts260// ═══════════════════════════════════════════════════════════════════
MEDIUMtest/repro-2201.test.ts81 // ── Registry — both sandboxes exist ───────────────────────────
MEDIUMtest/repro-2201.test.ts157 // ── Dummy workspace dir for the fake ssh tar call ─────────────
MEDIUMtest/repro-2201.test.ts162 // ── Fake openshell ────────────────────────────────────────────
MEDIUMtest/repro-2201.test.ts184 // ── Fake docker ─────────────────────────────────────────────────
MEDIUMtest/repro-2201.test.ts199 // ── Fake ssh ──────────────────────────────────────────────────
MEDIUMtest/ollama-tools-capability.test.ts195// ─────────────────────────────────────────────────────────────────
MEDIUMtest/ollama-tools-capability.test.ts208// ─────────────────────────────────────────────────────────────────
MEDIUMtest/ollama-tools-capability.test.ts426// ─────────────────────────────────────────────────────────────────
MEDIUMtest/ollama-tools-capability.test.ts434// ─────────────────────────────────────────────────────────────────
MEDIUMtest/ollama-tools-capability.test.ts551// ─────────────────────────────────────────────────────────────────
MEDIUMtest/ollama-tools-capability.test.ts557// ─────────────────────────────────────────────────────────────────
MEDIUMtest/e2e-port-overrides.sh89# ── Test 1: Default port works through real entrypoint ──────────
MEDIUMtest/e2e-port-overrides.sh99# ── Test 2: Valid port override accepted by real entrypoint ─────
MEDIUMtest/e2e-port-overrides.sh109# ── Test 3: Non-numeric port rejected by real entrypoint ────────
MEDIUMtest/e2e-port-overrides.sh114# ── Test 4: Privileged port rejected by real entrypoint ─────────
MEDIUMtest/e2e-port-overrides.sh119# ── Test 5: Port above 65535 rejected by real entrypoint ────────
1028 more matches not shown…
Hyper-Verbose Identifiers1082 hits · 1092 pts
SeverityFileLineSnippet
LOWtest/onboard-brave-validation.test.ts126function runInteractiveConfigureWebSearch(spec: { answers: string[] }): {
LOWtest/onboard-resume-provider-recovery.test.ts20function isProviderRecoveryInternals(value: object | null): value is ProviderRecoveryInternals {
LOWtest/openclaw-tui-chat-correlation.test.ts529function looksLikeEventCaptureFailure(repro: LiveIssue2603Trace): boolean {
LOWtest/repro-2681-group-writable.test.ts23function extractShellFunctionFromSource(src: string, name: string): string {
LOWtest/repro-2681-group-writable.test.ts31function normalizeMutableConfigPermsFor(configDir: string): string {
LOWtest/onboard-ollama-autostart.test.ts65function runOllamaAutostartScenario(opts: ScenarioOptions): WizardResult {
LOWtest/hermes-share-mount-deps.test.ts21function extractHermesInstallCommand(dockerfile: string): string {
LOWtest/install-openshell-upgrade-prompt.test.ts17function runPreinstallUpgradeGuard(
LOWtest/onboard-rollback.test.ts20function isOnboardRollbackInternals(value: object | null): value is OnboardRollbackInternals {
LOWtest/wsl2-probe-timeout.test.ts18function isOnboardValidationInternals(
LOWtest/ssh-known-hosts.test.ts15function isOnboardKnownHostsInternals(
LOWtest/repro-2201.test.ts273function readSessionMessagingChannelConfig(
LOWtest/sandbox-provisioning.test.ts63function dockerHealthCommandBetween(
LOWtest/sandbox-provisioning.test.ts149function runOpenclawRepairLayoutCase(legacy: boolean) {
LOWtest/openclaw-tool-catalog-patch.test.ts41 "function collectRegisteredToolNames(tools) { return new Set(tools.map((tool) => tool.name)); }",
LOWtest/openclaw-tool-catalog-patch.test.ts45 "function buildEmbeddedSystemPrompt(params) { return `tools=${params.tools.map((tool) => tool.name).join(',')}`; }",
LOWtest/openclaw-tool-catalog-patch.test.ts121function nativeToolSearchFixtureSource() {
LOWtest/seccomp-guard.test.ts20function extractStartScriptHeredoc(src: string, marker: string): string {
LOWtest/seccomp-guard.test.ts27function extractRuntimeShellEnvSnippet(src: string): string {
LOWtest/install-preflight.test.ts105function writeFailedOnboardSession(home: string) {
LOWtest/install-preflight.test.ts121function runFailedSessionPromptChoice(answer: string) {
LOWtest/install-preflight.test.ts1221 function runNvidiaCdiInstallerRepairTest({
LOWtest/install-preflight.test.ts2901 function callEnsureSupportedRuntime(
LOWtest/install-preflight.test.ts4046 function runInstallerWithPipedStdinAndTty(answer: string) {
LOWtest/install-preflight.test.ts4050 function runInstallerWithInteractiveStdin(answer: string) {
LOWtest/seed-wechat-accounts.test.ts57function writeWeChatPluginMetadata(manifest: Record<string, unknown>) {
LOWtest/seed-wechat-accounts.test.ts63function writeWeChatNpmPackageMetadata(manifest: Record<string, unknown>) {
LOWtest/generate-hermes-config.test.ts83function copyConfigGeneratorFixture(fixtureRoot: string): string {
LOWtest/gateway-final-failure-cleanup.test.ts18function isOnboardGatewayFailureInternals(
LOWtest/nemotron-inference-fix.test.ts20function extractStartScriptHeredoc(src, marker) {
LOWtest/config-set-nested-ssrf.test.ts10function installMockPrivilegedExec(privilegedExecPath: string): () => void {
LOWtest/generate-openclaw-config.test.ts64function writeWeChatPluginMetadata(manifest: Record<string, unknown>) {
LOWtest/generate-openclaw-config.test.ts70function writeWeChatNpmPackageMetadata(manifest: Record<string, unknown>) {
LOWtest/fetch-guard-patch-regression.test.ts62function normalizeHostnameAllowlist(values) {
LOWtest/fetch-guard-patch-regression.test.ts66function isPrivateNetworkAllowedByPolicy(policy) {
LOWtest/fetch-guard-patch-regression.test.ts72function assertAllowedHostOrIpOrThrow(hostnameOrIp) {
LOWtest/fetch-guard-patch-regression.test.ts112function readBlueprintMinOpenClawVersion(): string {
LOWtest/fetch-guard-patch-regression.test.ts116function readDockerfileBaseOpenClawVersion(): string {
LOWtest/fetch-guard-patch-regression.test.ts124function readDockerfileOpenClawVersion(): string {
LOWtest/fetch-guard-patch-regression.test.ts128function readDockerfileBaseOpenClawIntegrity(): string {
LOWtest/fetch-guard-patch-regression.test.ts136function readDockerfileOpenClawIntegrity(): string {
LOWtest/fetch-guard-patch-regression.test.ts283function webGuardedFetchFixtureSource(): string {
LOWtest/fetch-guard-patch-regression.test.ts289 "function resolveHostnamePolicyChecks(hostname, policy) {",
LOWtest/fetch-guard-patch-regression.test.ts297 "function assertHostnameAllowedWithPolicy(hostname, policy) { return resolveHostnamePolicyChecks(hostname, policy).n
LOWtest/fetch-guard-patch-regression.test.ts298 "async function resolvePinnedHostnameWithPolicy(hostname, params = {}) { return { hostname: resolveHostnamePolicyChe
LOWtest/fetch-guard-patch-regression.test.ts304 "async function fetchWithWebToolsNetworkGuard(params) {",
LOWtest/fetch-guard-patch-regression.test.ts443 "async function assertExplicitProxyAllowed(proxyUrl) { globalThis.proxyChecks.push(proxyUrl); throw new Error('p
LOWtest/fetch-guard-patch-regression.test.ts445 "function resolveHostnamePolicyChecks(hostname, policy) {",
LOWtest/fetch-guard-patch-regression.test.ts451 "function assertHostnameAllowedWithPolicy(hostname, policy) { return resolveHostnamePolicyChecks(hostname, polic
LOWtest/fetch-guard-patch-regression.test.ts596 "async function assertExplicitProxyAllowed(proxyUrl) { globalThis.proxyChecks.push(proxyUrl); throw new Error('p
LOWtest/fetch-guard-patch-regression.test.ts598 "function resolveHostnamePolicyChecks(hostname, policy) {",
LOWtest/fetch-guard-patch-regression.test.ts604 "function assertHostnameAllowedWithPolicy(hostname, policy) { return resolveHostnamePolicyChecks(hostname, polic
LOWtest/fetch-guard-patch-regression.test.ts22 "async function fetchWithWebToolsNetworkGuard(params) {",
LOWtest/fetch-guard-patch-regression.test.ts35 "function shouldSkipPrivateNetworkChecks(hostname, policy) {",
LOWtest/fetch-guard-patch-regression.test.ts38 "function resolveHostnamePolicyChecks(hostname, policy) {",
LOWtest/fetch-guard-patch-regression.test.ts319 "function fetchWithWebToolsNetworkGuard(params)",
LOWtest/fetch-guard-patch-regression.test.ts668 "async function assertExplicitProxyAllowed(dispatcherPolicy, lookupFn, policy) {",
LOWtest/fetch-guard-patch-regression.test.ts711 "async function fetchGuardedMediaResponse() {",
LOWtest/fetch-guard-patch-regression.test.ts740 "async function fetchGuardedMediaResponse(targetUrl) {",
LOWtest/fetch-guard-patch-regression.test.ts770 "async function fetchGuardedMediaResponse() {",
1022 more matches not shown…
Over-Commented Block326 hits · 285 pts
SeverityFileLineSnippet
LOW.pre-commit-config.yaml1# NemoClaw — prek hook configuration
LOWvitest.config.ts61 testTimeout: testTimeout(),
LOWtest/gateway-state-reconcile-2276.test.ts1// @ts-nocheck
LOWtest/e2e-non-root-smoke.sh1#!/usr/bin/env bash
LOWtest/e2e-non-root-smoke.sh21# CAVEAT: no-new-privileges ≠ Landlock. We catch #2472-class bugs only
LOWtest/onboard-ollama-autostart.test.ts21 ollamaRunning: boolean;
LOWtest/onboard-ollama-autostart.test.ts81 path.join(repoRoot, "dist", "lib", "inference", "ollama", "proxy.js"),
LOWtest/channels-remove-full-teardown.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/reboot-identity-drift.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/security-sandbox-tar-traversal.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/policy-tiers.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/security-c4-manifest-traversal.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/sandbox-provisioning.test.ts1// @ts-nocheck
LOWtest/channels-add-preset.test.ts381// Regression: `channels add` was updating the registry but NOT
LOWtest/policy-add-remove-session-sync.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/wechat-diagnostics.test.ts1// @ts-nocheck
LOWtest/install-preflight.test.ts3221 // macOS does not ship setsid (it's a util-linux binary). Headless
LOWtest/snapshot-restore-existing-dest.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/snapshot.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/e2e-port-overrides.sh1#!/usr/bin/env bash
LOWtest/e2e-gateway-isolation.sh201')
LOWtest/e2e-gateway-isolation.sh221# and CAP_SYS_PTRACE, so a plain "docker run" cannot reproduce the issue
LOWtest/nemoclaw-start.test.ts3361 } finally {
LOWtest/http-proxy-fix-e2e.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/http-proxy-fix-rewrite.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/gateway-http-reuse-wait.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/local-slack-auth-test.sh1#!/usr/bin/env bash
LOWtest/ssrf-parity.test.ts1// SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/telegram-diagnostics.test.ts1// @ts-nocheck
LOWtest/e2e-scenario/runtime/run-suites.sh1#!/usr/bin/env bash
LOWtest/e2e-scenario/runtime/run-scenario.sh1#!/usr/bin/env bash
LOWtest/e2e-scenario/runtime/lib/context.sh1#!/usr/bin/env bash
LOWtest/e2e-scenario/runtime/lib/context.sh21# E2E_GATEWAY_URL gateway base URL
LOWtest/e2e-scenario/runtime/lib/logging.sh1#!/usr/bin/env bash
LOWtest/e2e-scenario/runtime/lib/logging.sh21# e2e_section "Phase 2: onboarding"
LOWtest/e2e-scenario/runtime/lib/env.sh1#!/usr/bin/env bash
LOWtest/e2e-scenario/runtime/lib/cleanup.sh1#!/usr/bin/env bash
LOWtest/e2e-scenario/runtime/lib/sandbox-teardown.sh1#!/usr/bin/env bash
LOWtest/e2e-scenario/validation_suites/sandbox-exec.sh1#!/usr/bin/env bash
LOW…e-scenario/validation_suites/assert/inference-works.sh1#!/usr/bin/env bash
LOW…validation_suites/assert/messaging-bridge-reachable.sh1#!/usr/bin/env bash
LOW…ario/validation_suites/assert/policy-preset-applied.sh1#!/usr/bin/env bash
LOW…ario/validation_suites/assert/no-credentials-leaked.sh1#!/usr/bin/env bash
LOW…t/e2e-scenario/nemoclaw_scenarios/expected-states.yaml1# SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
LOWtest/e2e-scenario/nemoclaw_scenarios/install/ollama.sh1#!/usr/bin/env bash
LOW…st/e2e-scenario/nemoclaw_scenarios/install/dispatch.sh1#!/usr/bin/env bash
LOW…/e2e-scenario/nemoclaw_scenarios/install/launchable.sh1#!/usr/bin/env bash
LOW…claw_scenarios/install/helpers/install-path-refresh.sh1#!/usr/bin/env bash
LOW…claw_scenarios/install/helpers/install-path-refresh.sh21# # If you only need to defensively ensure ~/.local/bin is on PATH:
LOW…st/e2e-scenario/nemoclaw_scenarios/onboard/dispatch.sh1#!/usr/bin/env bash
LOW…o/nemoclaw_scenarios/helpers/emit-context-from-plan.sh1#!/usr/bin/env bash
LOWtest/e2e/test-device-auth-health.sh1#!/usr/bin/env bash
LOWtest/e2e/test-device-auth-health.sh21#
LOWtest/e2e/test-diagnostics.sh1#!/usr/bin/env bash
LOWtest/e2e/test-rebuild-openclaw.sh1#!/bin/bash
LOWtest/e2e/test-openshell-version-pin.sh1#!/usr/bin/env bash
LOWtest/e2e/test-rebuild-hermes.sh1#!/bin/bash
LOWtest/e2e/test-docs-validation.sh1#!/bin/bash
LOWtest/e2e/test-telegram-injection.sh1#!/bin/bash
LOWtest/e2e/test-telegram-injection.sh21# string passed over SSH. $(cmd), `cmd`, and ${VAR} expansions inside
266 more matches not shown…
Cross-Language Confusion (JS/TS)35 hits · 202 pts
SeverityFileLineSnippet
HIGHtest/nemoclaw-start.test.ts1594 elif [ "$count" -le 6 ]; then
HIGHtest/nemoclaw-start.test.ts1596 elif [ "$count" -le 10 ]; then
HIGHtest/hermes-plugin-handlers.test.ts52print(json.dumps(result))
HIGHtest/hermes-plugin-handlers.test.ts186print(json.dumps(result))
HIGHtest/onboard-selection.test.ts4465elif echo "$url" | grep -q 'generativelanguage.googleapis.com' && echo "$url" | grep -q '/chat/completions$'; then
HIGHtest/onboard-selection.test.ts4468elif echo "$url" | grep -q 'integrate.api.nvidia.com' && echo "$url" | grep -q '/responses$'; then
HIGHtest/onboard-selection.test.ts4471elif echo "$url" | grep -q 'integrate.api.nvidia.com' && echo "$url" | grep -q '/chat/completions$'; then
HIGHtest/onboard-selection.test.ts76elif (echo "$auth" | grep -q '${goodToken}' || echo "$url_auth" | grep -q '${goodToken}') && echo "$url_path" | grep -q
HIGHtest/onboard-selection.test.ts79elif (echo "$auth" | grep -q '${goodToken}' || echo "$url_auth" | grep -q '${goodToken}') && echo "$url_path" | grep -q
HIGHtest/onboard-selection.test.ts118elif echo "$auth" | grep -q '${goodToken}' && echo "$url" | grep -q '/v1/messages$'; then
HIGHtest/onboard-selection.test.ts3079elif echo "$url" | grep -q '/responses$'; then
HIGHtest/onboard-selection.test.ts3261elif echo "$url" | grep -q '/v1/messages$' && printf '%s' "$args" | grep -q 'claude-haiku-4-5'; then
HIGHtest/onboard-selection.test.ts3445elif echo "$url" | grep -q '/chat/completions$' && echo "$body_arg" | grep -q 'good-model'; then
HIGHtest/onboard-selection.test.ts3560elif echo "$url" | grep -q '/chat/completions$'; then
HIGHtest/onboard-selection.test.ts3658elif echo "$url" | grep -q '/chat/completions$'; then
HIGHtest/onboard-selection.test.ts3757elif echo "$url" | grep -q '/chat/completions$'; then
HIGHtest/onboard-selection.test.ts4797elif echo "$auth" | grep -q 'nvapi-good' && echo "$url" | grep -q '/chat/completions$'; then
HIGHtest/onboard-selection.test.ts5396elif echo "$url" | grep -q '/v1/responses'; then
HIGHtest/onboard-selection.test.ts5398elif echo "$url" | grep -q '/v1/chat/completions'; then
HIGHtest/onboard-selection.test.ts5498elif echo "$url" | grep -q '/v1/responses'; then
HIGHtest/onboard-selection.test.ts5500elif echo "$url" | grep -q '/v1/chat/completions'; then
HIGH…gents/skills/nemoclaw-maintainer-day/scripts/triage.ts147 elif .mergeable_state == "clean" then "CLEAN"
HIGH…gents/skills/nemoclaw-maintainer-day/scripts/triage.ts148 elif .mergeable_state == "blocked" then "BLOCKED"
HIGH…gents/skills/nemoclaw-maintainer-day/scripts/triage.ts149 elif .mergeable_state == "unstable" then "UNSTABLE"
HIGHsrc/lib/agent/onboard.ts231elif [ -e "$tirith" ]; then
HIGHsrc/lib/agent/onboard.ts241 elif [ -L "$log" ]; then
HIGHsrc/lib/onboard/compatible-endpoint-smoke.ts196 print(message, file=sys.stderr)
HIGHsrc/lib/onboard/compatible-endpoint-smoke.ts224print("OPENCLAW_CONFIG_OK")
HIGHsrc/lib/onboard/compatible-endpoint-smoke.ts239print(json.dumps({
HIGHsrc/lib/onboard/compatible-endpoint-smoke.ts280 print("inference.local returned non-JSON response: %s; body=%s" % (exc, body), file=sys.stderr)
HIGHsrc/lib/onboard/compatible-endpoint-smoke.ts294 print(
HIGHsrc/lib/onboard/compatible-endpoint-smoke.ts300 print(
HIGHsrc/lib/onboard/compatible-endpoint-smoke.ts306 print(
HIGHsrc/lib/onboard/compatible-endpoint-smoke.ts313print("INFERENCE_SMOKE_OK " + content.strip()[:200])
HIGHsrc/lib/domain/dns/setup-proxy.ts21print(msg, flush=True)
Excessive Try-Catch Wrapping118 hits · 108 pts
SeverityFileLineSnippet
LOW…tion_suites/messaging/slack/00-slack-provider-state.sh44except Exception as exc:
LOWtest/e2e/test-rebuild-openclaw.sh241except Exception:
LOWtest/e2e/test-rebuild-openclaw.sh524except Exception as e:
LOWtest/e2e/test-rebuild-hermes.sh272except Exception:
LOWtest/e2e/test-hermes-discord-e2e.sh530except Exception:
LOWtest/e2e/test-hermes-discord-e2e.sh537except Exception:
LOWtest/e2e/test-model-router-provider-routed-inference.sh37except Exception:
LOWtest/e2e/test-gpu-e2e.sh76except Exception as e:
LOWtest/e2e/test-cloud-inference-e2e.sh65except Exception as e:
LOWtest/e2e/test-gpu-double-onboard.sh90except Exception as e:
LOWtest/e2e/test-hermes-slack-e2e.sh322except Exception as exc:
LOWtest/e2e/test-hermes-slack-e2e.sh501 except Exception as exc:
LOWtest/e2e/test-hermes-slack-e2e.sh512 except Exception as exc:
LOWtest/e2e/test-kimi-inference-compat.sh160 except Exception:
LOWtest/e2e/test-kimi-inference-compat.sh518 except Exception:
LOWtest/e2e/test-kimi-inference-compat.sh558 except Exception:
LOWtest/e2e/test-messaging-compatible-endpoint.sh223 except Exception:
LOWtest/e2e/test-issue-4462-scope-upgrade-approval.sh132 except Exception:
LOWtest/e2e/test-launchable-smoke.sh94except Exception as e:
LOWtest/e2e/test-full-e2e.sh66except Exception as e:
LOWtest/e2e/test-openclaw-inference-switch.sh82except Exception as e:
LOWtest/e2e/test-openclaw-inference-switch.sh142except Exception as exc:
LOWtest/e2e/test-openclaw-inference-switch.sh157except Exception as exc:
LOWtest/e2e/test-bedrock-runtime-compatible-anthropic.sh105except Exception as exc:
LOWtest/e2e/test-bedrock-runtime-compatible-anthropic.sh204except Exception:
LOWtest/e2e/test-bedrock-runtime-compatible-anthropic.sh473except Exception as exc:
LOWtest/e2e/test-bedrock-runtime-compatible-anthropic.sh490except Exception as exc:
LOWtest/e2e/test-upgrade-stale-sandbox.sh177except Exception:
LOWtest/e2e/test-messaging-providers.sh1941except Exception:
LOWtest/e2e/test-messaging-providers.sh179except Exception:
LOWtest/e2e/test-messaging-providers.sh190except Exception:
LOWtest/e2e/test-messaging-providers.sh201except Exception:
LOWtest/e2e/test-messaging-providers.sh1245except Exception as e:
LOWtest/e2e/test-messaging-providers.sh1254except Exception as e:
LOWtest/e2e/test-messaging-providers.sh1796except Exception:
LOWtest/e2e/test-messaging-providers.sh1804except Exception:
LOWtest/e2e/test-messaging-providers.sh1824except Exception:
LOWtest/e2e/test-messaging-providers.sh1869except Exception:
LOWtest/e2e/test-messaging-providers.sh2603 except Exception:
LOWtest/e2e/test-messaging-providers.sh2841except Exception as e:
LOWtest/e2e/test-hermes-e2e.sh104except Exception as e:
LOWtest/e2e/test-sandbox-survival.sh84except Exception as e:
LOWtest/e2e/test-hermes-inference-switch.sh70except Exception as e:
LOWtest/e2e/test-hermes-inference-switch.sh130except Exception as exc:
LOWtest/e2e/test-hermes-inference-switch.sh147except Exception as exc:
LOWtest/e2e/test-brave-search-e2e.sh340except Exception:
LOWtest/e2e/test-brave-search-e2e.sh366except Exception:
LOW…2e/e2e-cloud-experimental/test-inference-local-chat.sh60except Exception as e:
LOWtest/e2e/lib/openclaw-json.sh74except Exception:
LOWtest/e2e/lib/openclaw-json.sh81 except Exception:
LOWtest/e2e/lib/discord-gateway-proof.sh293except Exception as exc:
LOWtest/e2e/lib/discord-gateway-proof.sh397except Exception as exc:
MEDIUMagents/hermes/plugin/__init__.py200def _config_prefers_gateway(section_name):
MEDIUMagents/hermes/plugin/__init__.py392def _has_openai_audio_backend():
LOWagents/hermes/plugin/__init__.py387 except Exception:
LOWagents/hermes/plugin/__init__.py438 except Exception:
LOWagents/hermes/plugin/__init__.py445 except Exception:
LOWagents/hermes/plugin/__init__.py109 except Exception:
LOWagents/hermes/plugin/__init__.py137 except Exception:
LOWagents/hermes/plugin/__init__.py152 except Exception:
58 more matches not shown…
Example Usage Blocks64 hits · 92 pts
SeverityFileLineSnippet
LOW.pre-commit-config.yaml9# Usage:
LOWtest/e2e-scenario/runtime/coverage-report.sh7# Usage:
LOWtest/e2e-scenario/runtime/run-suites.sh7# Usage:
LOWtest/e2e-scenario/runtime/run-scenario.sh7# Usage:
LOWtest/e2e-scenario/runtime/lib/context.sh26# Usage:
LOW…e-scenario/validation_suites/assert/inference-works.sh11# Usage:
LOW…validation_suites/assert/messaging-bridge-reachable.sh13# Usage:
LOW…ario/validation_suites/assert/policy-preset-applied.sh11# Usage:
LOW…ario/validation_suites/assert/no-credentials-leaked.sh11# Usage:
LOW…claw_scenarios/install/helpers/install-path-refresh.sh14# Usage:
LOW…o/nemoclaw_scenarios/helpers/emit-context-from-plan.sh7# Usage:
LOWtest/e2e/test-device-auth-health.sh35# Usage:
LOWtest/e2e/test-docs-validation.sh22# Usage:
LOWtest/e2e/test-telegram-injection.sh35# Usage:
LOWtest/e2e/test-openclaw-slack-pairing.sh24# Usage:
LOWtest/e2e/test-hermes-discord-e2e.sh30# Usage:
LOWtest/e2e/test-credential-migration.sh40# Usage:
LOWtest/e2e/test-cloud-onboard-e2e.sh33# Usage:
LOWtest/e2e/test-gpu-e2e.sh32# Usage:
LOWtest/e2e/test-cloud-inference-e2e.sh25# Usage:
LOWtest/e2e/test-gpu-double-onboard.sh41# Usage:
LOWtest/e2e/test-hermes-slack-e2e.sh24# Usage:
LOWtest/e2e/test-issue-2478-crash-loop-recovery.sh59# Usage:
LOWtest/e2e/test-onboard-repair.sh19# Usage:
LOWtest/e2e/test-spark-install.sh19# Usage:
LOWtest/e2e/test-kimi-inference-compat.sh20# Usage:
LOWtest/e2e/test-messaging-compatible-endpoint.sh30# Usage:
LOWtest/e2e/test-onboard-resume.sh20# Usage:
LOWtest/e2e/test-openclaw-discord-pairing.sh25# Usage:
LOWtest/e2e/test-launchable-smoke.sh43# Usage:
LOWtest/e2e/test-channels-add-remove.sh22# Usage:
LOWtest/e2e/test-full-e2e.sh23# Usage:
LOWtest/e2e/test-credential-sanitization.sh27# Usage:
LOWtest/e2e/test-channels-stop-start.sh24# Usage:
LOWtest/e2e/test-ollama-auth-proxy-e2e.sh20# Usage:
LOWtest/e2e/test-messaging-providers.sh81# Usage:
LOWtest/e2e/test-hermes-e2e.sh27# Usage:
LOWtest/e2e/test-sandbox-rebuild.sh27# Usage:
LOWtest/e2e/test-sandbox-survival.sh35# Usage:
LOWtest/e2e/test-token-rotation.sh25# Usage:
LOWtest/e2e/test-brave-search-e2e.sh25# Usage:
LOWtest/e2e/test-skill-agent-e2e.sh25# Usage:
LOWtest/e2e/test-overlayfs-autofix.sh59# Usage:
LOW…t/e2e/e2e-cloud-experimental/test-port8080-conflict.sh26# Usage:
LOW…/e2e/e2e-cloud-experimental/openclaw-tui-in-sandbox.sh16# Usage:
LOWtest/e2e/e2e-cloud-experimental/cleanup.sh9# Usage:
LOW…features/skill/lib/validate_sandbox_openclaw_skills.sh9# Usage:
LOWtest/e2e/lib/install-path-refresh.sh14# Usage:
LOW…r-cross-issue-sweep/scripts/search-candidate-issues.sh9# Usage:
LOWscripts/check-spdx-headers.sh7# Usage:
LOWscripts/debug.sh7# Usage:
LOWscripts/check-installer-hash.sh11# Usage:
LOWscripts/start-services.sh11# Usage:
LOWscripts/update-docker-pin.sh9# Usage:
LOWscripts/setup-spark.sh12# Usage:
LOWscripts/walkthrough.sh30# Usage:
LOWscripts/lib/sandbox-init.sh94# Usage:
LOWscripts/lib/sandbox-init.sh155# Usage:
LOWscripts/lib/sandbox-init.sh220# Usage:
LOWscripts/lib/sandbox-init.sh356# Usage:
4 more matches not shown…
Unused Imports27 hits · 26 pts
SeverityFileLineSnippet
LOWtest/e2e/lib/openclaw-agent-json.py16
LOW…law-maintainer-pr-comparator/scripts/render-verdict.py37
LOW…-maintainer-cross-issue-sweep/scripts/render-report.py36
LOWdocs/_ext/json_output/core/document_discovery.py25
LOWdocs/_ext/json_output/core/json_formatter.py30
LOWdocs/_ext/json_output/core/__init__.py18
LOWdocs/_ext/json_output/core/__init__.py19
LOWdocs/_ext/json_output/core/__init__.py20
LOWdocs/_ext/json_output/core/__init__.py21
LOWdocs/_ext/json_output/core/__init__.py22
LOWdocs/_ext/json_output/core/__init__.py23
LOWdocs/_ext/json_output/core/hierarchy_builder.py26
LOWdocs/_ext/json_output/core/hierarchy_builder.py27
LOWdocs/_ext/json_output/core/hierarchy_builder.py28
LOWdocs/_ext/json_output/processing/__init__.py18
LOWdocs/_ext/json_output/processing/__init__.py19
LOWdocs/_ext/json_output/processing/__init__.py19
LOWdocs/_ext/json_output/processing/__init__.py19
LOWdocs/_ext/json_output/processing/__init__.py19
LOWdocs/_ext/json_output/content/__init__.py18
LOWdocs/_ext/json_output/content/__init__.py19
LOWdocs/_ext/json_output/content/structured.py26
LOWscripts/openclaw-build-messaging-plugins.py12
LOWscripts/seed-wechat-accounts.py51
LOWscripts/docs-to-skills.py53
LOWscripts/generate-openclaw-config.py43
LOWscripts/generate-platform-docs.py19
Verbosity Indicators15 hits · 23 pts
SeverityFileLineSnippet
LOW…aw-maintainer-pr-comparator/scripts/find-candidates.sh35# Step 1: PRs that explicitly link the issue.
LOW…aw-maintainer-pr-comparator/scripts/find-candidates.sh43# Step 2: Expand by files mentioned in issue body.
LOW…aw-maintainer-pr-comparator/scripts/find-candidates.sh56# Step 3: Expand by title-token Jaccard.
LOWscripts/update-docker-pin.sh35 # Step 1: get an auth token for the Docker Hub library repo
LOWscripts/update-docker-pin.sh46 # Step 2: fetch the tag headers and use Docker-Content-Digest for the index.
LOWsrc/lib/adapters/openshell/resolve.ts40 // Step 1: command -v
LOWsrc/lib/adapters/openshell/resolve.ts52 // Step 2: fallback candidates
LOWsrc/lib/actions/sandbox/rebuild.ts298 // Step 0: Preflight — verify recreate preconditions BEFORE destroying
LOWsrc/lib/actions/sandbox/rebuild.ts395 // Step 1: Ensure sandbox is live for backup
LOWsrc/lib/actions/sandbox/rebuild.ts457 // Step 2: Backup
LOWsrc/lib/actions/sandbox/rebuild.ts510 // Step 3: Delete sandbox without tearing down gateway or session.
LOWsrc/lib/actions/sandbox/rebuild.ts547 // Step 4: Recreate via onboard --resume
LOWsrc/lib/actions/sandbox/rebuild.ts766 // Step 5: Restore
LOWsrc/lib/actions/sandbox/rebuild.ts825 // Step 6: Post-restore agent-specific migration
LOWsrc/lib/actions/sandbox/rebuild.ts879 // Step 7: Update registry with new version
Self-Referential Comments6 hits · 20 pts
SeverityFileLineSnippet
MEDIUMtest/e2e/test-runtime-overrides.sh40# Create a timestamped log file whose name matches the CI artifact glob
MEDIUMtest/e2e/test-credential-sanitization.sh160# Create a temp directory simulating the state that would be migrated
MEDIUMtest/e2e/test-credential-sanitization.sh459# Create a real file outside the bundle
MEDIUMtest/e2e/test-credential-sanitization.sh462# Create a symlink inside the bundle pointing to the outside file
MEDIUMtest/e2e/test-sandbox-operations.sh313# Create the primary test sandbox. Exits the script on failure since all
MEDIUMdocs/_ext/search_assets/__init__.py36 # Define the module loading order (dependencies first)
Redundant / Tautological Comments10 hits · 15 pts
SeverityFileLineSnippet
LOWtest/e2e/test-telegram-injection.sh208# Check if the injection file was created
LOWtest/e2e/test-gpu-double-onboard.sh516 # Check if the failure is specifically a 401 (token divergence)
LOWdocs/_ext/json_output/utils.py30 # Check if content_gating extension is loaded
LOWdocs/_ext/json_output/utils.py94 # Check if this path matches any exclude pattern using fnmatch (supports glob patterns)
LOWdocs/_ext/json_output/core/document_discovery.py56 # Check if this document is a child of the parent
LOWdocs/_ext/json_output/processing/cache.py69 # Check if we have a recorded timestamp
LOWdocs/_ext/json_output/content/text.py102 # Check if this text node is inside a reference
LOWscripts/docs-to-skills.py888 # Check if target doc maps to a generated skill
LOWscripts/nemoclaw-start.sh2331 # Check if shields were previously active (config dir is root-owned).
LOWscripts/setup-spark.sh107 # Check if already configured
AI Slop Vocabulary6 hits · 14 pts
SeverityFileLineSnippet
MEDIUMtest/e2e/test-openclaw-tui-chat-correlation.sh9# The Vitest live harness drives OpenClaw's gateway websocket directly against a
MEDIUMdocs/_ext/json_output/config.py40 "max_main_index_docs": 0, # No limit by default for comprehensive search
MEDIUMdocs/_ext/json_output/core/hierarchy_builder.py71 else: # 'full' mode - comprehensive search index
MEDIUMdocs/_ext/json_output/core/hierarchy_builder.py102 """Build comprehensive search index for main index page."""
MEDIUMscripts/nemoclaw-start.sh1528# timeout reduction, and token cleanup for a more comprehensive fix.
MEDIUM.github/workflows/nightly-e2e.yaml999 # because nemoclaw handles SSH key/host setup and is robust to
Deep Nesting17 hits · 13 pts
SeverityFileLineSnippet
LOWagents/hermes/plugin/__init__.py97
LOWagents/hermes/plugin/__init__.py975
LOWdocs/_ext/json_output/processing/processor.py145
LOWdocs/_ext/json_output/content/metadata.py64
LOWdocs/_ext/json_output/content/text.py67
LOWdocs/_ext/json_output/content/text.py244
LOWdocs/_ext/json_output/content/structured.py31
LOWdocs/_ext/json_output/content/structured.py74
LOWdocs/_ext/json_output/content/structured.py361
LOWscripts/seed-wechat-accounts.py188
LOWscripts/docs-to-skills.py220
LOWscripts/docs-to-skills.py302
LOWscripts/docs-to-skills.py506
LOWscripts/docs-to-skills.py1241
LOWscripts/docs-to-skills.py1570
LOWscripts/docs-to-skills.py1935
LOWscripts/generate-openclaw-config.py226
Docstring Block Structure1 hit · 5 pts
SeverityFileLineSnippet
HIGHdocs/_ext/json_output/core/global_metadata.py123Extract product name from project string. Examples: 'NVIDIA DORI' -> 'DORI' 'NVIDIA NeMo Curator Us
Slop Phrases1 hit · 2 pts
SeverityFileLineSnippet
MEDIUMsrc/lib/state/config-io.ts48 " # If you can use sudo, repair the existing config directory:",