github not analyzable

OpenSIN-Code/OpenSIN-Code

The autonomous OpenSIN-Code CLI

maintainer: OpenSIN-Code
license: MIT
first seen: 2026-06-04
last seen: 2026-06-04
releases · 30d: 0
short id

risk insufficient evidence

Insufficient evidence to grade. This server's source has not been statically analyzed, so a low grade would only mean "nothing found", not "nothing there". We don't show a reassuring grade we can't stand behind. Attested signals (CVEs, provenance) below still apply.

Once the source is analyzed (see the analysis flag in the header), a graded score appears here. How analysis works: methodology.

graded 14m ago · see ecosystem CVEs →

risk trajectory 1 movements

6d agoA · 0 → B · 32

capability exposure grade factor +35

Inferred surface — each links to servers holding it:

vulnerabilities 0 CVEs

No known CVEs for this server.

tool safety all quiet

No tool-safety findings — heuristic detectors run on the compute-risk cadence; a finding appears when a tool trips a rule.

skills & danger signals github-tarball

prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed analyzer v19 · 3h ago

skills & prompt files 23

danger signals8

suspicious endpoint1.1.1.1OpenSIN-Code-OpenSIN-Code-90b9d86/packages/opensin-sdk/archived/utils_v2/env.ts:31await axiosClient.head('http://1.1.1.1', {
suspicious endpoint92.5.60.87OpenSIN-Code-OpenSIN-Code-90b9d86/packages/opensin-sdk/src/api/providers/mod.ts:22defaultBaseUrl: "http://92.5.60.87:4100/v1",
suspicious endpoint92.5.60.87OpenSIN-Code-OpenSIN-Code-90b9d86/packages/opensin-sdk/src/api/providers/sin_provider.ts:13export const DEFAULT_BASE_URL = "http://92.5.60.87:4100/v1";
suspicious endpoint1.1.1.1OpenSIN-Code-OpenSIN-Code-90b9d86/packages/opensin-sdk/src/core/utils/env.ts:31await axiosClient.head('http://1.1.1.1', {
suspicious endpoint92.5.60.87OpenSIN-Code-OpenSIN-Code-90b9d86/packages/opensin-sdk/src/model_routing/failover.ts:53baseURL: 'http://92.5.60.87:4100/v1',
over-broad OAuth scopehttps://www.googleapis.com/auth/cloud-platformOpenSIN-Code-OpenSIN-Code-90b9d86/packages/opensin-sdk/archived/utils_v2/auth.ts:852scopes: ['https://www.googleapis.com/auth/cloud-platform'],
over-broad OAuth scopehttps://www.googleapis.com/auth/cloud-platformOpenSIN-Code-OpenSIN-Code-90b9d86/packages/opensin-sdk/src/core/services/api/client.ts:274scopes: ['https://www.googleapis.com/auth/cloud-platform'],
over-broad OAuth scopehttps://www.googleapis.com/auth/cloud-platformOpenSIN-Code-OpenSIN-Code-90b9d86/packages/opensin-sdk/src/core/utils/auth.ts:852scopes: ['https://www.googleapis.com/auth/cloud-platform'],

embed badge readme-ready

[![MCP Observatory risk grade](https://mcpobservatory.com/servers/github:OpenSIN-Code/OpenSIN-Code/badge.svg)](https://mcpobservatory.com/servers/github:OpenSIN-Code/OpenSIN-Code/security)

Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of OpenSIN-Code.

OpenSIN-Code/OpenSIN-Code

skills & prompt files 23

danger signals8

Navigate

Stream

Features

Display