Scan path: C:\Users\gilad\Projects\warden\gallery\repos\langflow\src\backend\base
Scanned: 2026-04-10 23:11 UTC
Warden: v1.6.0 · Scoring model v4.3 · 17 dimensions (weighted) · 235 pts
🔒 Privacy guarantee
All data collected locally — nothing left this machine.
API keys: partial hashes only.
Log content: never stored.
📊 Scanned 474 files (474 Python) in base across 6 scan layers
18 / 100
43 / 235 raw
UNGOVERNED
Core Governance (13 / 100)
D1 Tool Inventory
2 / 25
D2 Risk Detection
0 / 20
CRITICAL Tool function without input validation
CRITICAL Tool function without input validation
CRITICAL Tool function without input validation
CRITICAL Tool function without input validation
CRITICAL Tool function without input validation
+ 11 more findings
D3 Policy Coverage
6 / 20
D4 Credential Management
2 / 20
MEDIUM Exposed Database URL (no credentials): red...t}/0
MEDIUM Exposed Database URL (no credentials): red...t}/0
CRITICAL Exposed Database URL with credentials: amq...72//
MEDIUM Exposed Database URL (no credentials): red...79/0
CRITICAL Possible typosquat: 'ctransformers' is 1 edit from 'transformers'
+ 1 more findings
D5 Log Hygiene
2 / 10
MEDIUM print() used instead of structured logging
MEDIUM print() used instead of structured logging
MEDIUM print() used instead of structured logging
MEDIUM print() used instead of structured logging
MEDIUM print() used instead of structured logging
+ 23 more findings
D6 Framework Coverage
1 / 5
HIGH LangChain used without CallbackManager — no tool/chain observability
HIGH LangChain used without CallbackManager — no tool/chain observability
HIGH LangChain used without CallbackManager — no tool/chain observability
HIGH LangChain used without CallbackManager — no tool/chain observability
HIGH LangChain used without CallbackManager — no tool/chain observability
+ 5 more findings
Advanced Controls (9 / 50)
D7 Human-in-the-Loop
0 / 15
HIGH CrewAI agent without guardrail — no output validation gate
HIGH CrewAI agent without guardrail — no output validation gate
D8 Agent Identity
9 / 15
D9 Threat Detection
0 / 20
HIGH Empty exception handler — errors silently swallowed
HIGH Empty exception handler — errors silently swallowed
HIGH Empty exception handler — errors silently swallowed
HIGH Empty exception handler — errors silently swallowed
HIGH Empty exception handler — errors silently swallowed
+ 21 more findings
Ecosystem (18 / 55)
D10 Prompt Security
2 / 15
D11 Cloud / Platform
4 / 10
D12 LLM Observability
4 / 10
MEDIUM Hardcoded model name: 'TranslationFlow - Language Detection, Translation, and Intent Classification. This flow translat
MEDIUM Hardcoded model name: 'Create and return the TranslationFlow graph. Args: provider: Model provider (e.g., "
MEDIUM Hardcoded model name: 'gpt-4o-mini' — no routing/fallback
MEDIUM Hardcoded model name: 'Inject model configuration into the flow's Agent component. Args: flow_data: The flo
MEDIUM Hardcoded model name: 'Load a Graph from a Python flow file. The Python file must define a function `get_graph()` t
+ 11 more findings
D13 Data Recovery
4 / 10
D14 Compliance Maturity
4 / 10
MEDIUM Unpinned AI dependency: openai
MEDIUM Unpinned AI dependency: langchain
MEDIUM Unpinned AI dependency: openai
MEDIUM Unpinned AI dependency: anthropic
MEDIUM Unpinned AI dependency: litellm
+ 3 more findings
Unique Capabilities (3 / 30)
D15 Post-Exec Verification
2 / 10
D16 Data Flow Governance
0 / 10
D17 Adversarial Resilience
1 / 10
CRITICAL No content injection defense — hidden HTML/CSS/zero-width instructions pass to agents undetected. (86% attack success ra
CRITICAL No RAG poisoning protection — knowledge base documents not scanned for embedded instructions. (<0.1% contamination = >80
HIGH No behavioral trap detection — post-execution behavioral changes not monitored. (10/10 M365 Copilot attacks succeeded)
HIGH No approval integrity verification -- agent summaries for approval not cross-checked against actual actions. (Approval f
MEDIUM No adversarial testing evidence — no red team, no prompt injection tests
+ 2 more findings
Score reflects only what Warden can observe locally. Undetected controls are scored as 0, not assumed good. Dimensions are weighted by governance impact. Methodology: SCORING.md
Total Findings
119
21 CRITICAL · 47 HIGH
Tools Detected
0
None detected
Credentials
4
In source code
Governance Gaps
4
of 17 dimensions
Compliance Refs
11
EU AI Act / OWASP / MITRE
🛡 Governance Layer Detection
0 tools detected · 17 dimensions
D2: Risk Detection — none detected
Risk classification, semantic analysis, intent-parameter consistency
0 / 20 pts
D7: Human-in-the-Loop — none detected
Approval gates, dry-run preview, plan-execute separation
0 / 15 pts
D9: Threat Detection — none detected
Behavioral baselines, anomaly detection, cross-session tracking, kill switch
0 / 20 pts
D16: Data Flow Governance — none detected
Taint labels, data classification, cross-tool leakage prevention
0 / 10 pts
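📊 Solutions Comparison
2 rows · 17 dimensions · 235 max pts
Tool | D1 | D2 | D3 | D4 | D5 | D6 | D7 | D8 | D9 | D10 | D11 | D12 | D13 | D14 | D15 | D16 | D17 | /235 | /100
Max pts | 25 | 20 | 20 | 20 | 10 | 5 | 15 | 15 | 20 | 15 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 235 |
SharkRouter | 23 | 18 | 18 | 18 | 9 | 5 | 14 | 14 | 18 | 14 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 214 | 91
Your Scan | 2 | 0 | 6 | 2 | 2 | 1 | 0 | 9 | 0 | 2 | 4 | 4 | 4 | 4 | 2 | 0 | 1 | 43 | 18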
SharkRouter per-dimension scores are proportional estimates from total score. Detected tool scores are totals only (per-dimension breakdown not available). Methodology: SCORING.md
🔎 Findings
119 total
CRITICAL 21
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:91
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:114
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:129
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:144
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:231
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:262
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:278
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:332
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:366
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:390
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:422
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:455
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:491
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:525
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Tool function without input validation
...\langflow\src\backend\base\langflow\agentic\mcp\server.py:569
Add input validation (pydantic, jsonschema, or manual checks)
OWASP LLM01
CRITICAL D2
Agent loop with LLM call has no exit condition — potential infinite loop
...s\langflow\src\backend\base\langflow\api\v1\voice_mode.py:1244
Add max_iterations, timeout, or explicit break condition
CRITICAL D4
Exposed Database URL with credentials: amq...72//
...s\langflow\src\backend\base\langflow\core\celeryconfig.py:15
Move to secrets manager or .env file (excluded from VCS)
EU AI Act Article 15 · OWASP LLM09
CRITICAL D4
Possible typosquat: 'ctransformers' is 1 edit from 'transformers'
...en\gallery\repos\langflow\src\backend\base\pyproject.toml:1
Verify this is the intended package, not a typosquat of 'transformers'
MITRE AML.T0010
CRITICAL D4
Possible typosquat: 'ctransformers' is 1 edit from 'transformers'
...en\gallery\repos\langflow\src\backend\base\pyproject.toml:1
Verify this is the intended package, not a typosquat of 'transformers'
MITRE AML.T0010
CRITICAL D17
No content injection defense — hidden HTML/CSS/zero-width instructions pass to agents undetected. (86% attack success rate)
Deploy trap defense layer on tool results
EU AI Act Article 15 · OWASP LLM01 · MITRE AML.T0051
CRITICAL D17
No RAG poisoning protection — knowledge base documents not scanned for embedded instructions. (<0.1% contamination = >80% attack success)
Deploy trap defense layer on tool results
EU AI Act Article 15 · OWASP LLM01 · MITRE AML.T0049
HIGH 47
HIGH D9
Empty exception handler — errors silently swallowed
...s\langflow\src\backend\base\langflow\langflow_launcher.py:9
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...lery\repos\langflow\src\backend\base\langflow\__main__.py:58
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...\base\langflow\agentic\services\helpers\event_consumer.py:59
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...ns\369268b9af8b_add_job_id_to_vertex_build_create_job_.py:73
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...e\langflow\alembic\versions\7843803a87b5_store_updates.py:32
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...e\langflow\alembic\versions\7843803a87b5_store_updates.py:38
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...angflow\src\backend\base\langflow\api\utils\kb_helpers.py:64
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...angflow\src\backend\base\langflow\api\utils\kb_helpers.py:94
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...os\langflow\src\backend\base\langflow\api\v1\endpoints.py:717
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...gflow\src\backend\base\langflow\api\v1\knowledge_bases.py:457
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...repos\langflow\src\backend\base\langflow\api\v1\models.py:366
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...repos\langflow\src\backend\base\langflow\api\v1\models.py:399
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...repos\langflow\src\backend\base\langflow\api\v1\models.py:744
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...repos\langflow\src\backend\base\langflow\api\v1\models.py:855
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...s\langflow\src\backend\base\langflow\api\v1\voice_mode.py:971
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...s\langflow\src\backend\base\langflow\api\v1\voice_mode.py:1088
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...gflow\src\backend\base\langflow\services\event_manager.py:215
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...gflow\src\backend\base\langflow\services\store\service.py:397
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...gflow\src\backend\base\langflow\services\store\service.py:434
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...w\src\backend\base\langflow\services\tracing\openlayer.py:328
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...w\src\backend\base\langflow\services\tracing\openlayer.py:677
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...w\src\backend\base\langflow\services\tracing\openlayer.py:687
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...w\src\backend\base\langflow\services\tracing\openlayer.py:784
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...angflow\src\backend\base\langflow\utils\data_structure.py:52
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...ow\src\backend\base\langflow\utils\template_validation.py:191
Log the exception or handle it explicitly
HIGH D9
Empty exception handler — errors silently swallowed
...repos\langflow\src\backend\base\langflow\utils\version.py:38
Log the exception or handle it explicitly
HIGH D5
Potential PII/sensitive data logged via f-string
...ckend\base\langflow\agentic\services\assistant_service.py:156
Redact sensitive fields before logging
EU AI Act Article 15 · OWASP LLM06
HIGH D5
Potential PII/sensitive data logged via f-string
...s\langflow\src\backend\base\langflow\api\v1\voice_mode.py:605
Redact sensitive fields before logging
EU AI Act Article 15 · OWASP LLM06
HIGH D5
Potential PII/sensitive data logged via f-string
...s\langflow\src\backend\base\langflow\api\v1\voice_mode.py:618
Redact sensitive fields before logging
EU AI Act Article 15 · OWASP LLM06
HIGH D5
Potential PII/sensitive data logged via f-string
...s\langflow\src\backend\base\langflow\api\v1\voice_mode.py:586
Redact sensitive fields before logging
EU AI Act Article 15 · OWASP LLM06
HIGH D5
Potential PII/sensitive data logged via f-string
...s\langflow\src\backend\base\langflow\api\v1\voice_mode.py:591
Redact sensitive fields before logging
EU AI Act Article 15 · OWASP LLM06
HIGH D5
Potential PII/sensitive data logged via f-string
...langflow\src\backend\base\langflow\api\v2\registration.py:126
Redact sensitive fields before logging
EU AI Act Article 15 · OWASP LLM06
HIGH D5
Potential PII/sensitive data logged via f-string
...langflow\src\backend\base\langflow\api\v2\registration.py:136
Redact sensitive fields before logging
EU AI Act Article 15 · OWASP LLM06
HIGH D5
Potential PII/sensitive data logged via f-string
...langflow\src\backend\base\langflow\api\v2\registration.py:88
Redact sensitive fields before logging
EU AI Act Article 15 · OWASP LLM06
HIGH D5
Potential PII/sensitive data logged via f-string
...langflow\src\backend\base\langflow\api\v2\registration.py:82
Redact sensitive fields before logging
EU AI Act Article 15 · OWASP LLM06
HIGH D6
LangChain used without CallbackManager — no tool/chain observability
...\gallery\repos\langflow\src\backend\base\langflow\main.py:60
Add CallbackManager with on_tool_start/on_chain_start handlers
EU AI Act Article 13
HIGH D6
LangChain used without CallbackManager — no tool/chain observability
...allery\repos\langflow\src\backend\base\langflow\memory.py:6
Add CallbackManager with on_tool_start/on_chain_start handlers
EU AI Act Article 13
HIGH D6
LangChain used without CallbackManager — no tool/chain observability
...angflow\src\backend\base\langflow\api\utils\kb_helpers.py:17
Add CallbackManager with on_tool_start/on_chain_start handlers
EU AI Act Article 13
HIGH D6
LangChain used without CallbackManager — no tool/chain observability
...gflow\src\backend\base\langflow\api\v1\knowledge_bases.py:11
Add CallbackManager with on_tool_start/on_chain_start handlers
EU AI Act Article 13
HIGH D6
LangChain used without CallbackManager — no tool/chain observability
...\repos\langflow\src\backend\base\langflow\helpers\data.py:7
Add CallbackManager with on_tool_start/on_chain_start handlers
EU AI Act Article 13
HIGH D6
LangChain used without CallbackManager — no tool/chain observability
...\repos\langflow\src\backend\base\langflow\helpers\flow.py:303
Add CallbackManager with on_tool_start/on_chain_start handlers
EU AI Act Article 13
HIGH D7
CrewAI agent without guardrail — no output validation gate
...\langflow\initial_setup\starter_projects\complex_agent.py:1
Add guardrail= parameter to agent/task config for output validation
HIGH D7
CrewAI agent without guardrail — no output validation gate
...nitial_setup\starter_projects\hierarchical_tasks_agent.py:1
Add guardrail= parameter to agent/task config for output validation
HIGH D6
LangChain used without CallbackManager — no tool/chain observability
...\src\backend\base\langflow\serialization\serialization.py:10
Add CallbackManager with on_tool_start/on_chain_start handlers
EU AI Act Article 13
HIGH D6
LangChain used without CallbackManager — no tool/chain observability
...repos\langflow\src\backend\base\langflow\utils\schemas.py:5
Add CallbackManager with on_tool_start/on_chain_start handlers
EU AI Act Article 13
HIGH D17
No behavioral trap detection — post-execution behavioral changes not monitored. (10/10 M365 Copilot attacks succeeded)
Deploy trap defense layer on tool results
EU AI Act Article 14 · OWASP LLM07 · MITRE AML.T0051
HIGH D17
No approval integrity verification -- agent summaries for approval not cross-checked against actual actions. (Approval fatigue exploitation)
Deploy trap defense layer on tool results
EU AI Act Article 14 · OWASP LLM07 · MITRE AML.T0048
MEDIUM 51
MEDIUM D12
Hardcoded model name: 'TranslationFlow - Language Detection, Translation, and Intent Classification. This flow translates user input to English and classifies intent as either 'generate_component' or 'question'. Usage: from langflow.agentic.flows.translation_flow import get_graph graph = await get_graph(provider="OpenAI", model_name="gpt-4o-mini") ' — no routing/fallback
...c\backend\base\langflow\agentic\flows\translation_flow.py:1
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'Create and return the TranslationFlow graph. Args: provider: Model provider (e.g., "OpenAI", "Anthropic"). Defaults to OpenAI. model_name: Model name (e.g., "gpt-4o-mini"). Defaults to gpt-4o-mini. api_key_var: Optional API key variable name (e.g., "OPENAI_API_KEY"). Returns: Graph: The configured translation flow graph. ' — no routing/fallback
...c\backend\base\langflow\agentic\flows\translation_flow.py:79
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'gpt-4o-mini' — no routing/fallback
...c\backend\base\langflow\agentic\flows\translation_flow.py:91
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'Inject model configuration into the flow's Agent component. Args: flow_data: The flow JSON as a dict provider: The provider name (e.g., "OpenAI", "Anthropic") model_name: The model name (e.g., "gpt-4o", "claude-sonnet-4-5-20250929") api_key_var: Optional API key variable name. If not provided, uses provider's default. Returns: Modified flow data with the model configuration injected Raises: ValueError: If provider is unknown ' — no routing/fallback
...ackend\base\langflow\agentic\services\flow_preparation.py:16
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'Load a Graph from a Python flow file. The Python file must define a function `get_graph()` that returns a Graph. The function can optionally accept provider, model_name, and api_key_var parameters. Args: flow_path: Path to the Python flow file. provider: Optional model provider (e.g., "OpenAI"). model_name: Optional model name (e.g., "gpt-4o-mini"). api_key_var: Optional API key variable name. Returns: Graph: The loaded and configured graph. Raises: HTTPException: If the flow file cannot be loaded or executed. ' — no routing/fallback
...end\base\langflow\agentic\services\helpers\flow_loader.py:119
Use model routing or configuration instead of hardcoded names
MEDIUM D5
print() used instead of structured logging
...w\alembic\versions\006b3990db50_add_unique_constraints.py:39
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...w\alembic\versions\006b3990db50_add_unique_constraints.py:62
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...sions\0882f9657f22_encrypt_existing_mcp_auth_settings_.py:68
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...sions\0882f9657f22_encrypt_existing_mcp_auth_settings_.py:72
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...sions\0882f9657f22_encrypt_existing_mcp_auth_settings_.py:118
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...sions\0882f9657f22_encrypt_existing_mcp_auth_settings_.py:122
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...ow\alembic\versions\2ac71eb9c3ae_adds_credential_table.py:41
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...ow\alembic\versions\2ac71eb9c3ae_adds_credential_table.py:51
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...alembic\versions\67cc006d50bf_add_profile_image_column.py:39
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...alembic\versions\67cc006d50bf_add_profile_image_column.py:54
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...e\langflow\alembic\versions\7843803a87b5_store_updates.py:52
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...\versions\7d2162acc8b2_adds_updated_at_and_folder_cols.py:34
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...\versions\7d2162acc8b2_adds_updated_at_and_folder_cols.py:43
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...\versions\7d2162acc8b2_adds_updated_at_and_folder_cols.py:60
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...\versions\7d2162acc8b2_adds_updated_at_and_folder_cols.py:66
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...mbic\versions\f5ee9749d1a6_user_id_can_be_null_in_flow.py:27
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...mbic\versions\f5ee9749d1a6_user_id_can_be_null_in_flow.py:38
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...low\alembic\versions\fd531f8868b1_fix_credential_table.py:36
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D5
print() used instead of structured logging
...low\alembic\versions\fd531f8868b1_fix_credential_table.py:55
Use logging.* or structlog.* for structured, searchable logs
MEDIUM D12
Hardcoded model name: 'Expand a compact flow format to full flow format. This endpoint takes a minimal flow representation (as generated by AI agents) and expands it to the full format expected by the Langflow UI. The compact format only requires: - nodes: list of {id, type, values?} - edges: list of {source, source_output, target, target_input} The endpoint returns the full flow data with complete component templates. Example input: ```json { "nodes": [ {"id": "1", "type": "ChatInput"}, {"id": "2", "type": "OpenAIModel", "values": {"model_name": "gpt-4"}} ], "edges": [ {"source": "1", "source_output": "message", "target": "2", "target_input": "input_value"} ] } ``` ' — no routing/fallback
...\repos\langflow\src\backend\base\langflow\api\v1\flows.py:905
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'gpt-4o-transcribe' — no routing/fallback
...s\langflow\src\backend\base\langflow\api\v1\voice_mode.py:220
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'wss://api.openai.com/v1/realtime?model=gpt-4o-mini-realtime-preview' — no routing/fallback
...s\langflow\src\backend\base\langflow\api\v1\voice_mode.py:753
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'gpt-4o-mini-tts' — no routing/fallback
...s\langflow\src\backend\base\langflow\api\v1\voice_mode.py:1300
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'gpt-4o-mini' — no routing/fallback
...\langflow\initial_setup\starter_projects\complex_agent.py:12
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'gpt-4o' — no routing/fallback
...\langflow\initial_setup\starter_projects\complex_agent.py:13
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'gpt-4o-mini' — no routing/fallback
...nitial_setup\starter_projects\hierarchical_tasks_agent.py:12
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'gpt-4o' — no routing/fallback
...nitial_setup\starter_projects\hierarchical_tasks_agent.py:13
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'Expand a compact flow format to full flow format. Args: compact_data: The compact flow data with nodes and edges all_types_dict: The component types dictionary from component_cache Returns: Full flow data structure ready for Langflow UI Example compact input: { "nodes": [ {"id": "1", "type": "ChatInput"}, {"id": "2", "type": "OpenAIModel", "values": {"model_name": "gpt-4"}} ], "edges": [ {"source": "1", "source_output": "message", "target": "2", "target_input": "input_value"} ] } ' — no routing/fallback
...gflow\src\backend\base\langflow\processing\expand_flow.py:252
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'The source of the message. Normally used to display the model name (e.g. 'gpt-4o')' — no routing/fallback
...s\langflow\src\backend\base\langflow\schema\properties.py:11
Use model routing or configuration instead of hardcoded names
MEDIUM D12
Hardcoded model name: 'Format a span name following the OTel semantic convention ``"{operation} {model}"``. Args: operation: Human-readable operation name (e.g. ``"ChatOpenAI"``). model_name: Optional model identifier (e.g. ``"gpt-4o"``). Returns: ``"{operation} {model_name}"`` when model is known, otherwise just ``operation``. ' — no routing/fallback
...backend\base\langflow\services\tracing\native_callback.py:139
Use model routing or configuration instead of hardcoded names
MEDIUM D4
Exposed Database URL (no credentials): red...t}/0
...s\langflow\src\backend\base\langflow\core\celeryconfig.py:9
Move to secrets manager or .env file (excluded from VCS)
EU AI Act Article 15 · OWASP LLM09
MEDIUM D4
Exposed Database URL (no credentials): red...t}/0
...s\langflow\src\backend\base\langflow\core\celeryconfig.py:10
Move to secrets manager or .env file (excluded from VCS)
EU AI Act Article 15 · OWASP LLM09
MEDIUM D4
Exposed Database URL (no credentials): red...79/0
...s\langflow\src\backend\base\langflow\core\celeryconfig.py:16
Move to secrets manager or .env file (excluded from VCS)
EU AI Act Article 15 · OWASP LLM09
MEDIUM D14
Unpinned AI dependency: openai
...en\gallery\repos\langflow\src\backend\base\pyproject.toml:7
Pin version: openai==<specific_version>
MEDIUM D14
Unpinned AI dependency: langchain
...en\gallery\repos\langflow\src\backend\base\pyproject.toml:7
Pin version: langchain==<specific_version>
MEDIUM D14
Unpinned AI dependency: openai
...en\gallery\repos\langflow\src\backend\base\pyproject.toml:385
Pin version: openai==<specific_version>
MEDIUM D14
Unpinned AI dependency: anthropic
...en\gallery\repos\langflow\src\backend\base\pyproject.toml:386
Pin version: anthropic==<specific_version>
MEDIUM D14
Unpinned AI dependency: litellm
...en\gallery\repos\langflow\src\backend\base\pyproject.toml:425
Pin version: litellm==<specific_version>
MEDIUM D14
Unpinned AI dependency: langchain
...en\gallery\repos\langflow\src\backend\base\pyproject.toml:449
Pin version: langchain==<specific_version>
MEDIUM D14
Unpinned AI dependency: langchain
...en\gallery\repos\langflow\src\backend\base\pyproject.toml:450
Pin version: langchain==<specific_version>
MEDIUM D14
Unpinned AI dependency: langchain
...en\gallery\repos\langflow\src\backend\base\pyproject.toml:452
Pin version: langchain==<specific_version>
MEDIUM D6
CrewAI agent without max_iter or timeout — unbounded execution
...\langflow\initial_setup\starter_projects\complex_agent.py:1
Set max_iter= and/or timeout= to prevent runaway agent loops
MEDIUM D6
CrewAI agent without max_iter or timeout — unbounded execution
...nitial_setup\starter_projects\hierarchical_tasks_agent.py:1
Set max_iter= and/or timeout= to prevent runaway agent loops
MEDIUM D17
No adversarial testing evidence — no red team, no prompt injection tests
Implement adversarial testing for agent systems
MEDIUM D17
No tool-call attack simulation — agent tool calls not tested against adversarial inputs
Implement adversarial testing for agent systems
MEDIUM D17
No multi-agent chaos engineering — agent swarms not stress tested
Implement adversarial testing for agent systems
💡 Recommendations
ordered by score impact
#1
Establish a live tool inventory +23 pts
No tool catalog detected. Without a centralized inventory of MCP tools and their schemas, governance policies have nothing to enforce against. Deploy a tool registry with auto-discovery.
⚠ The Workaround Tax
Stop paying the Workaround Tax. Relying on prompt-filters and out-of-band monitoring forces your developers to write manual security logic scattered across every agent and service. A centralized gateway enforces policy automatically — at the interception layer, on every tool call, without code changes in your agents.
Current state
18/ 100
✗ UNGOVERNED
D1 Tool Inventory
2/25
D2 Risk Detection
0/20
D9 Threat Detection
0/20
D4 Credential Management
2/20
D7 Human-in-the-Loop
0/15
+ SharkRouter (full deployment)
91/ 100
✓ GOVERNED
D1 Tool Inventory
23 +21
D2 Risk Detection
18 +18
D9 Threat Detection
18 +18
D4 Credential Management
18 +16
D7 Human-in-the-Loop
14 +14
* Projection based on SharkRouter's estimated score. Actual results may vary.  sharkrouter.ai → 18 → 91 · +73 pts
#2
Deploy risk classification for tool calls +20 pts
No risk scoring on tool invocations. Every tool call carries the same implicit trust level. Classify tools by risk (destructive, financial, exfiltration) and enforce approval gates for high-risk categories. (16 findings in this dimension)
#3
Deploy behavioral detection and kill switch +20 pts
No behavioral baselines, no anomaly detection, no auto-suspend capability. A compromised agent can operate indefinitely. Salami slicing across sessions is undetectable. (26 findings in this dimension)
#4
Move credentials to a secrets manager +18 pts
API keys or credentials found in source code. Move to HashiCorp Vault, AWS Secrets Manager, or environment-level secret stores. Rotate all exposed keys immediately. Add .env to .gitignore. (6 findings in this dimension)
#5
Add human-in-the-loop approval gates +15 pts
No approval gates or dry-run preview detected. Agents can execute irreversible operations with no confirmation. Deploy plan-execute separation with mandatory human approval for destructive actions. (2 findings in this dimension)
Generated by Warden v1.6.0 · Open Source · MIT License · github.com/sharkrouter/warden
Scoring model v4.3 · 17 weighted dimensions · 235 pts · methodology in SCORING.md
Scan data stays on your machine. Email delivery is opt-in only.
When opted in: score + metadata only. Never: keys, logs, paths, or PII.