godot-adapt-desktop-to-mobile

Fail

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: HIGHCREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script 'scripts/offline_save_sync.gd' uses a hardcoded encryption password 'secure_mobile_key_123!' in the 'FileAccess.open_encrypted_with_pass' function call. Hardcoding secrets in source code is a critical security vulnerability that allows anyone with access to the code or the compiled application to decrypt local save data, completely bypassing the intended security of the encryption.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 25, 2026, 09:37 AM
Security Audit — agent-trust-hub — godot-adapt-desktop-to-mobile