I scanned 15 popular Python projects for security bugs. The oldest one had the worst issue.
TL;DR
463 findings. 120 critical. The worst offender wasn't some weekend hobby project — it was a library used by the Python Software Foundation. It had eval() in production code. I fixed it.
I ran AgentGuard (65 rules + GLM-5.2 verification) against 15 well-known Python projects. Here's what I found — and what I fixed.
The Setup
$ agentguard scan ./project --tier pro --format json
AgentGuard is an open-source scanner with a twist: GLM-5.2 reviews every finding to filter false positives, then auto-generates fixes. Think Bandit + AI review + auto-fix in one command. GitHub | pip install agentguardp
The Results
15 projects, 1K to 30K lines of Python each:
| Project | Stars | Findings | Critical | High | Top Issue |
|---|---|---|---|---|---|
| paramiko | 3.5K | 185 | 52 | 4 | Hardcoded keys, path traversal |
| httpx | 13K | 55 | 32 | 4 | Hardcoded secrets, pickle |
| click | 16K | 41 | 0 | 5 | while-True loops, PY050 |
| flask | 68K | 36 | 3 | 12 | eval/exec (by design), DEBUG=True |
| tqdm | 28K | 30 | 0 | 2 | SSRF in examples |
| python-jose | 1.7K | 27 | 20 | 0 | Private keys in test fixtures |
| rich | 50K | 25 | 0 | 0 | while-True, weak random |
| data-diff | 3K | 25 | 2 | 22 | MD5, SSRF |
| httpie | 34K | 14 | 0 | 6 | SSRF, SSL verify=False |
| pydantic | 20K | 10 | 5 | 2 | pickle, hardcoded secrets |
| requests-html | 13K | 7 | 5 | 0 | eval() in production |
| arq | 2K | 5 | 0 | 0 | assert statements |
| tweets_analyzer | 3K | 2 | 1 | 0 | Hardcoded API keys (template) |
| wikipedia | 3K | 1 | 0 | 1 | SSRF |
| m2cgen | 3K | 0 | 0 | 0 | Clean! |
Total: 463 findings / 120 critical / 58 high
The Best Find: eval() in a PSF Library
requests-html (13K Stars, maintained by the Python Software Foundation) had this in its core:
# requests_html.py:570
def __convert(cookiejar, key):
try:
v = eval("cookiejar." + key) # <-- INJECTION RISK
AgentGuard's GLM-5.2 cloud fix suggested replacing it with getattr():
# After fix
v = getattr(cookiejar, key, None)
I submitted a PR: psf/requests-html#610
Top 5 Most Common Issues
-
assert for security checks (107) — removed in
python -O, check silently disappears - Path traversal (82) — user-controlled paths without validation
- Hardcoded secrets (67) — API keys, passwords in source code
-
Unbounded loops (42) —
while True:without timeout -
Weak random (24) —
randominstead ofsecrets
Why GLM-5.2 Matters
| Model | F1 Score (Vuln Detection) | Cost per Finding |
|---|---|---|
| Claude Code | 32-37% | ~$1.02 |
| GLM-5.2 | 39% | $0.17 |
GLM-5.2 outperforms Claude Code in security detection at 1/6 the cost. AgentGuard is the first tool to productize this.
Source: Semgrep security evaluation (cybernexora.com, paddo.dev)
The Pipeline
$ agentguard pipeline ./vulnerable.py --mode dry-run
[1/4] Scanning... 6 findings
[2/4] GLM-5.2 verifying... 6 confirmed, 0 rejected
[3/4] Fixing... 4 auto-fixed, 2 need manual review
[4/4] Validating... No new issues introduced
Rules find suspects. GLM-5.2 confirms, fixes, and verifies.
Try It
pip install agentguardp
agentguard scan ./your-project
agentguard pipeline ./src --mode dry-run
14-day Pro trial included. GLM-5.2 cloud fix activates automatically.
- GitHub: https://github.com/difcn2026/agentguardp
- PyPI: https://pypi.org/project/agentguardp/
- Website: https://agentguardp.com
Scanned and auto-fixed by AgentGuard + GLM-5.2.
Top comments (0)