godot-adapt-desktop-to-mobile
Fail
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: HIGHCREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The script 'scripts/offline_save_sync.gd' uses a hardcoded encryption password 'secure_mobile_key_123!' in the 'FileAccess.open_encrypted_with_pass' function call. Hardcoding secrets in source code is a critical security vulnerability that allows anyone with access to the code or the compiled application to decrypt local save data, completely bypassing the intended security of the encryption.
Recommendations
- AI detected serious security threats
Audit Metadata