AI Assessment
VERDICT
This repository appears production-ready based on automated scanner results. The codebase shows excellent security posture with zero critical or high-severity findings, but complexity warnings warrant review before deployment.
TOP RISKS
→ The scanner flagged excessive cyclomatic complexity (CCN 622) in the readSkillMarkdown function across multiple files: server/src/routes/access.ts:105, ui/src/components/AgentConfigForm.tsx:429, and ui/src/context/LiveUpdatesProvider.tsx:18. This suggests potential maintainability and testability concerns.
→ No SECURITY.md file was detected. Best practice guidance recommends publishing security policies and vulnerability disclosure procedures.
WHAT TO FIX FIRST
Address the cyclomatic complexity flagged in server/src/routes/access.ts:105. The readSkillMarkdown function was flagged with CCN 622 (extremely high complexity). Breaking this into smaller, testable functions would improve maintainability without requiring security changes.
ADDITIONAL NOTES
The low finding count and perfect scores across the Security, Secrets, and Dependencies categories indicate strong baseline practices. The complexity warnings appear to be the primary technical debt. Note that extremely high CCN values sometimes indicate that the scanner miscalculated or encountered parsing issues; verify the actual function structure in your code to confirm whether refactoring is necessary or whether this is a false positive.
Consider adding the SECURITY.md file to formalize your vulnerability disclosure process.
Category Breakdown
Findings (16 in 2 groups)
Tip: 1 low-severity finding is a style suggestion, not a security risk.
This function is extremely complex (complexity score: 622). It likely has hidden bugs that are hard to find, and AI coding tools will struggle to modify it correctly.
In server/src/routes/access.ts at line 105, there's a function with cyclomatic complexity of 622 (should be under 15). Break it down:
1. Identify the different things this function does (each if/else branch, each loop)
2. Extract each logical step into its own smaller function with a clear name
3. The main function should read like a high-level description of the process
4. Each new function should do ONE thing and be easy to understand on its own
5. Aim for functions with complexity under 10
Your project is missing a recommended best practice. Following best practices makes your project more professional, maintainable, and easier for others to contribute to.
Your project is missing a SECURITY.md file. Please add one to follow software development best practices. This improves project maintainability, collaboration, and professionalism.