hossamelrifaei/Rick_and_Morty
https://github.com/hossamelrifaei/Rick_and_Morty
Scanned on Mar 19, 2026
AI Assessment
VERDICT
Not ready for production. The application has an unprotected exported activity that could allow unauthorized access, plus significant gaps in testing infrastructure and security documentation.
TOP RISKS
→ Exported activity in AndroidManifest.xml (line 13) was flagged as accessible to any application on the device, potentially compromising application integrity or data. Verify whether this activity requires protection via permission declarations or explicit export settings.
→ Duplicated ProGuard configuration blocks across app/proguard-rules.pro, data/proguard-rules.pro, and domain/proguard-rules.pro (each 21 lines) indicate maintenance risk and inconsistent obfuscation rules.
→ No test suite detected in the repository. Automated scanners found no testing framework configured, making it impossible to verify code correctness or catch regressions.
→ High cyclomatic complexity (CCN 10) flagged in data/src/main/java/com/example/data/remoteresponse/Results.kt at line 22. Suggests the toModel function has too many conditional branches to test reliably.
→ Missing critical documentation files: no LICENSE, SECURITY.md, or CODEOWNERS file established. These gaps indicate incomplete open source or enterprise readiness.
WHAT TO FIX FIRST
Fix the exported activity vulnerability in app/src/main/AndroidManifest.xml at line 13. Add android:exported="false" or restrict access via intent filters and permissions. This is a direct security exposure that any application could exploit.
Note: Verify the exported activity finding against your actual manifest—automated tools sometimes flag intentionally public activities incorrectly.
Category Breakdown
Findings (20 in 8 groups)
The application exports an activity. Any application on the device can launch the exported activity which may compromise the integrity of your application or its data. Ensure that any exported activities do not have privileged access to your application's control plane. | CWE: CWE-926: Improper Export of Android Application Components | OWASP: A5:2021 Security Misconfiguration
Duplicate found between domain/proguard-rules.pro:1 and mvi/proguard-rules.pro:1. Consider extracting shared logic into a reusable function or module.
This repository has no LICENSE file. Without a license, the code is technically all-rights-reserved by default, which prevents others from using it.
No test directory or test files were found. Automated tests are critical for maintaining code quality and preventing regressions.
Function "toModel" has a cyclomatic complexity of 10 (16 lines, 0 parameters). Consider simplifying this function to improve readability and testability.
A package manifest was found but no corresponding lock file (package-lock.json, pnpm-lock.yaml, yarn.lock, Pipfile.lock, pubspec.lock, Cargo.lock, go.sum, Gemfile.lock, composer.lock). Lock files ensure reproducible builds.
This repository has no SECURITY.md file. A security policy helps users report vulnerabilities responsibly and shows that the project takes security seriously.
This repository has no CODEOWNERS file. CODEOWNERS ensures that pull requests are automatically assigned to the right reviewers, improving code review coverage.