VIBEFENCE

Scan results

https://github.com/ohong/straude

Submitted 49d ago

Complete

Took 128s

LEAKS

45

45 issues detected.

High 44, Medium 1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/admin/page.tsx:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/cohort-retention/route.ts:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/company-suggestions/[id]/route.ts:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/company-suggestions/route.ts:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/model-share/route.ts:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/model-usage/route.ts:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/prompts/[id]/route.ts:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/prompts/route.ts:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/revenue-concentration/route.ts:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/time-to-first-sync/route.ts:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/user-signups/route.ts:1
LK_010_admin_route_no_auth
Admin/dashboard route file lacks auth import
apps/web/app/api/admin/users-by-country/route.ts:1
LK_028_supabase_no_rls
Supabase table "countries_to_regions" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/0001_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "users" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/0001_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "daily_usage" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/0001_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "posts" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/0001_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "follows" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/0001_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "likes" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/0001_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "comments" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/0001_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "cli_auth_codes" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/0001_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "users" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260216190154_create_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "daily_usage" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260216190154_create_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "posts" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260216190154_create_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "follows" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260216190154_create_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "kudos" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260216190154_create_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "comments" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260216190154_create_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "countries_to_regions" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260216190154_create_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "cli_auth_codes" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260216190154_create_initial_schema.sql
LK_028_supabase_no_rls
Supabase table "public" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260218035016_create_notifications_table.sql
LK_028_supabase_no_rls
Supabase table "public" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260222081133_create_user_achievements.sql
LK_028_supabase_no_rls
Supabase table "public" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260302000000_prompt_submissions.sql
LK_028_supabase_no_rls
Supabase table "public" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260303075413_create_device_usage.sql
LK_028_supabase_no_rls
Supabase table "public" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260306204016_comment_threads_and_reactions.sql
LK_028_supabase_no_rls
Supabase table "public" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260306204037_add_direct_messages.sql
LK_028_supabase_no_rls
Supabase table "public" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260316133500_add_user_levels.sql
LK_028_supabase_no_rls
Supabase table "public" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260320221403_company_suggestions.sql
LK_028_supabase_no_rls
Supabase table "public" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260321001813_token_rich_companies.sql
LK_028_supabase_no_rls
Supabase table "public" created without ENABLE ROW LEVEL SECURITY
supabase/migrations/20260401194500_create_open_stats_snapshots.sql
LK_030_dangerous_html
dangerouslySetInnerHTML fed by non-literal expression without DOMPurify
apps/web/app/(app)/feed/page.tsx:101
LK_030_dangerous_html
dangerouslySetInnerHTML fed by non-literal expression without DOMPurify
apps/web/app/(app)/leaderboard/page.tsx:156
LK_030_dangerous_html
dangerouslySetInnerHTML fed by non-literal expression without DOMPurify
apps/web/app/(app)/leaderboard/page.tsx:160
LK_030_dangerous_html
dangerouslySetInnerHTML fed by non-literal expression without DOMPurify
apps/web/app/(landing)/cli/page.tsx:90
LK_030_dangerous_html
dangerouslySetInnerHTML fed by non-literal expression without DOMPurify
apps/web/app/(landing)/open/page.tsx:148
LK_030_dangerous_html
dangerouslySetInnerHTML fed by non-literal expression without DOMPurify
apps/web/app/(landing)/open/page.tsx:152
LK_035_missing_security_headers
Missing security headers: Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Content-Security-Policy
next.config.* / vercel.json

SPEND

$0–$0/mo

No LLM call-site optimizations found.

VIBE

1

1 agent found, all low-risk.

Risk class A 1
VB_001_agent_class_A
Risk class A: this agent has trusted input and limited system access.
apps/web/app/api/ai/generate-caption/route.ts:68