> github-code-search@2.0.0 scan > tsx src/pipeline/index.ts -q sqlite wallet private key encrypt crypto -q sqlite3 wallet seed phrase mnemonic store -q better-sqlite3 wallet balance transfer crypto -q sqlite wallet keypair generate blockchain -q sqlite crypto wallet deposit withdrawal -q sequelize sqlite wallet private key -q prisma sqlite wallet crypto transfer -q DATABASE_URL sqlite wallet crypto send -q wallet.db private_key sqlite crypto -q sqlite wallet backup recovery seed -q eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 supabase.co telegram wallet bot send -q eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 supabase.co payment wallet gateway crypto -q mongodb+srv wallet bot telegram send receive -q mongodb+srv wallet service api key secret -q mongodb+srv e-wallet crypto payment -g Find repositories with REAL accidentally committed credentials or sensitive data in crypto WALLET projects. Looking for: 1) SQLite databases committed with private keys, seed phrases, or wallet data inside. 2) Supabase/MongoDB credentials in wallet Telegram bots. 3) Projects that store private keys in SQLite/better-sqlite3 databases alongside the source code. 4) Wallet services with hardcoded API keys, master keys, or encryption keys. Must be WALLET projects handling real crypto funds — sending, receiving, storing private keys. STRICT IGNORE: placeholders, tutorials, proper env var usage, non-wallet projects, empty database schemas without data. --no-telegram [04:36:34] Starting scan [04:36:34] Goal: Find repositories with REAL accidentally committed credentials or sensitive data in crypto WALLET projects. Looking for: 1) SQLite databases committed with private keys, seed phrases, or wallet data inside. 2) Supabase/MongoDB credentials in wallet Telegram bots. 3) Projects that store private keys in SQLite/better-sqlite3 databases alongside the source code. 4) Wallet services with hardcoded API keys, master keys, or encryption keys. Must be WALLET projects handling real crypto funds — sending, receiving, storing private keys. STRICT IGNORE: placeholders, tutorials, proper env var usage, non-wallet projects, empty database schemas without data. [04:36:34] Queries: "sqlite wallet private key encrypt crypto", "sqlite3 wallet seed phrase mnemonic store", "better-sqlite3 wallet balance transfer crypto", "sqlite wallet keypair generate blockchain", "sqlite crypto wallet deposit withdrawal", "sequelize sqlite wallet private key", "prisma sqlite wallet crypto transfer", "DATABASE_URL sqlite wallet crypto send", "wallet.db private_key sqlite crypto", "sqlite wallet backup recovery seed", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 supabase.co telegram wallet bot send", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 supabase.co payment wallet gateway crypto", "mongodb+srv wallet bot telegram send receive", "mongodb+srv wallet service api key secret", "mongodb+srv e-wallet crypto payment" [04:36:34] Concurrency: 3 | Max repos/query: 100 [04:36:34] Searching: "sqlite wallet private key encrypt crypto" [04:36:37] Page 1: +100 items, 56 repos total [04:36:43] Found 56 repos (56 new, 0 already seen) [04:36:43] [1/56] Analyzing jasonhua95/awesome-dotnet-core... [04:36:43] [2/56] Analyzing Tim9Liu9/TimLiu-iOS... [04:36:43] [3/56] Analyzing fluttergems/awesome-open-source-flutter-apps... [04:36:51] [2/56] SKIP Tim9Liu9/TimLiu-iOS — This is a curated list of iOS development libraries, plugins, and blogs. It is not a wallet project and contains no credentials or sensitive data. [04:36:51] [4/56] Analyzing c0dejump/HawkScan... [04:36:51] [1/56] SKIP jasonhua95/awesome-dotnet-core — This is an awesome-list curated collection of .NET Core libraries, tools, and frameworks. It is not a wallet project and contains no credentials or sensitive data. [04:36:51] [5/56] Analyzing alphaSeclab/awesome-network-stuff... [04:36:52] [3/56] SKIP fluttergems/awesome-open-source-flutter-apps — This is a curated list (awesome list) of open source Flutter apps. It simply links to other repositories and contains no source code, credentials, or sensitive data. [04:36:52] [6/56] Analyzing GhostKellz/ghostchain... [04:36:59] [5/56] SKIP alphaSeclab/awesome-network-stuff — This is an awesome-list/curated collection of network security tools and resources (proxies, VPNs, Tor, etc.). It is not a crypto wallet project and contains no credentials or sensitive data. [04:36:59] [7/56] Analyzing devsecboy/DomainRecon... [04:37:00] [4/56] SKIP c0dejump/HawkScan — HawkScan is a web reconnaissance and directory fuzzing security tool. The matched file 'dichawk.txt' is simply a wordlist/dictionary used for brute-forcing URLs on websites, containing common paths like 'wallet.dat' and 'crypto/'. [04:37:00] [8/56] Analyzing TencentCloud/O266player... [04:37:01] [6/56] SKIP GhostKellz/ghostchain — This is a blockchain platform project with wallet daemon documentation. All keys, credentials, and database references are placeholders/examples in documentation, not real accidentally committed secrets. [04:37:01] [9/56] Analyzing Axentro/Axentro... [04:37:07] [8/56] SKIP TencentCloud/O266player — This is a modified VLC media player (O266player) by Tencent for H.266/VVC video decoding. It has no relation to cryptocurrency wallets or credential storage. [04:37:07] [10/56] Analyzing ilyarolf/AiogramShopBot... [04:37:08] [9/56] SKIP Axentro/Axentro — Axentro is a blockchain platform (cryptocurrency/dApp framework) written in Crystal. There are no accidentally committed credentials, private keys, seed phrases, or sensitive data in the repository. [04:37:08] [11/56] Analyzing suguru03/made-in-japan... [04:37:08] [7/56] SKIP devsecboy/DomainRecon — This is a domain reconnaissance/subdomain enumeration security tool, not a crypto wallet project. The match was triggered by 'wallet.json' appearing in a common directory/file bruteforce wordlist. [04:37:08] [12/56] Analyzing antirez/hnstyle... [04:37:14] [10/56] SKIP ilyarolf/AiogramShopBot — This is an open-source Telegram e-commerce shop bot with crypto payment support, not a wallet project with accidentally committed credentials. [04:37:14] [13/56] Analyzing pkgforge-security/Wordlists... [04:37:15] [11/56] SKIP suguru03/made-in-japan — This is a curated list of developers and projects made in Japan, not a crypto wallet project. The keyword matches are coincidental references to unrelated projects. [04:37:15] [14/56] Analyzing yangwenmai/github-trending-backup... [04:37:16] [12/56] SKIP antirez/hnstyle — This is a text analysis/stylometry project by antirez for fingerprinting Hacker News users using word frequency analysis. It has no relation to crypto wallets or credentials. [04:37:16] [15/56] Analyzing prykon/GDAT... [04:37:22] [14/56] SKIP yangwenmai/github-trending-backup — This repository is a daily backup/archive of GitHub trending repositories. It contains only markdown files listing trending repos — no wallet code, credentials, or sensitive data. [04:37:22] [16/56] Analyzing chinanf-boy/awesome-rust-zh... [04:37:22] [13/56] SKIP pkgforge-security/Wordlists — This is a bug bounty wordlist collection for DNS subdomain bruteforcing and web fuzzing. It has no relation to crypto wallets or credentials. [04:37:22] [17/56] Analyzing TheKingOfDuck/paramFuzzer... [04:37:25] [15/56] SKIP prykon/GDAT — This is a Google Dorks automation tool containing a large list of search queries (dorks) for finding vulnerabilities. It is not a crypto wallet project and contains no credentials. [04:37:25] [18/56] Analyzing Jim8y/awesome-sgx... [04:37:29] [16/56] SKIP chinanf-boy/awesome-rust-zh — This is a Chinese translation of the awesome-rust curated list of Rust libraries and resources. It contains no credentials, wallet code, or sensitive data. [04:37:29] [19/56] Analyzing rix4uni/WordList... [04:37:31] [17/56] SKIP TheKingOfDuck/paramFuzzer — This is a parameter fuzzing/testing tool with a wordlist of common URL parameters and paths. It has no relation to crypto wallets, credentials, or sensitive data. [04:37:31] [20/56] Analyzing bsv-blockchain/wab... [04:37:32] [18/56] SKIP Jim8y/awesome-sgx — This is a curated awesome-list of Intel SGX (Software Guard Extensions) resources and projects. It contains no code, credentials, or sensitive data — just links to other repositories and papers. [04:37:32] [21/56] Analyzing broiscodingtpc/jokerspvp... [04:37:36] [19/56] SKIP rix4uni/WordList — This is a security/bug bounty fuzzing wordlist repository containing URL paths for web application testing. It has no relation to crypto wallets or accidentally committed credentials. [04:37:36] [22/56] Analyzing Anoncheg1/yet_another_insignificant_programming_notes... [04:37:38] [20/56] SKIP bsv-blockchain/wab — This is a BSV wallet authentication backend reference implementation that uses environment variables for sensitive configuration. No accidentally committed credentials or sensitive data found. [04:37:38] [23/56] Analyzing anptgen/github-trending... [04:37:40] [21/56] SKIP broiscodingtpc/jokerspvp — This is a prompt/instructions file for building a Telegram duel bot on Solana, not actual source code with committed credentials or sensitive data. [04:37:40] [24/56] Analyzing andriksantos/keebox... [04:37:43] [22/56] SKIP Anoncheg1/yet_another_insignificant_programming_notes — This repository is a collection of programming notes and study materials covering topics like business intelligence, data warehouses, Python, Linux, etc. It has no relation to crypto wallets. [04:37:43] [25/56] Analyzing zydou/high-frequency-words... [04:37:46] [24/56] SKIP andriksantos/keebox — This is a curated list of developer resources and tools (an 'awesome list' style repository), not a crypto wallet project. [04:37:46] [26/56] Analyzing minilandl/dotfiles... [04:37:46] [23/56] SKIP anptgen/github-trending — This repository is an automated GitHub trending tracker that scrapes and logs daily trending repositories. It has no relation to crypto wallets or accidentally committed credentials. [04:37:46] [27/56] Analyzing openSUSE/packages-i18n... [04:37:50] [25/56] SKIP zydou/high-frequency-words — This repository is simply a list of the most common English words ordered by frequency. It has no relation to crypto wallets, credentials, or sensitive data. [04:37:50] [28/56] Analyzing jabber-at/gajim... [04:37:54] [27/56] SKIP openSUSE/packages-i18n — This is the openSUSE packages-i18n repository containing translations of Linux package descriptions. It has nothing to do with crypto wallets or credentials. [04:37:54] [29/56] Analyzing Actinium-project/acmd... [04:37:55] [26/56] SKIP minilandl/dotfiles — This is a Linux dotfiles repository containing window manager configurations (BSPWM, Qtile) and a package list for Arch Linux. It has no relation to crypto wallets or credentials. [04:37:55] [30/56] Analyzing apachecn/bugbountywriteup-blog-zh... [04:37:58] [28/56] SKIP jabber-at/gajim — This is a Debian/Ubuntu package repository for Gajim, an XMPP/Jabber instant messaging client. It has no relation to cryptocurrency wallets. [04:37:58] [31/56] Analyzing madschristensen99/svm-xmr-atomic-swap... [04:38:02] [30/56] SKIP apachecn/bugbountywriteup-blog-zh — This is a Chinese translation collection of InfoSecWriteup blog posts about bug bounties and security research. It contains no wallet code, credentials, or crypto projects. [04:38:02] [32/56] Analyzing irl/gajim... [04:38:03] [29/56] SKIP Actinium-project/acmd — This is an alternative Actinium cryptocurrency full node daemon implementation written in Go, not a wallet project with committed credentials. [04:38:03] [33/56] Analyzing tari-project/tari-wallet... [04:38:06] [31/56] SKIP madschristensen99/svm-xmr-atomic-swap — This is a specification/design document for a Solana-XMR atomic swap backend. It contains no actual code, no committed databases, and no accidentally leaked credentials. [04:38:06] [34/56] Analyzing jeremiebiri/blockchain... [04:38:11] [32/56] SKIP irl/gajim — This is Gajim, an XMPP/Jabber instant messaging client. It has no relation to cryptocurrency wallets or sensitive credential storage. [04:38:11] [35/56] Analyzing 0x4rk0/GDorks... [04:38:12] [33/56] SKIP tari-project/tari-wallet — This is the official Tari wallet library — a well-engineered open-source Rust project with proper security practices. It does not contain any accidentally committed credentials or sensitive data. [04:38:12] [36/56] Analyzing sobieranskip95patryk/HIP-HOP-UNIVERSE... [04:38:14] [34/56] SKIP jeremiebiri/blockchain — This is an educational/research project implementing a consortium blockchain from scratch for a research paper, with simulated cryptography and no real crypto wallet functionality. [04:38:14] [37/56] Analyzing rm1984/DirDigger... [04:38:19] [35/56] SKIP 0x4rk0/GDorks — This is a collection of Google and GitHub dork search queries, not a crypto wallet project. It contains no actual credentials or sensitive data. [04:38:19] [38/56] Analyzing buainoai/awesome-clawdbot-skills... [04:38:21] [36/56] SKIP sobieranskip95patryk/HIP-HOP-UNIVERSE — This is a hip-hop creative platform project with security documentation containing example/tutorial code snippets for best practices — no accidentally committed credentials or sensitive data. [04:38:21] [39/56] Analyzing Deglobeal/Deglobeal... [04:38:21] [37/56] SKIP rm1984/DirDigger — This is a directory/file brute-forcing tool (like DirBuster) with a wordlist of common file/directory names to probe web servers. It has nothing to do with crypto wallets or committed credentials. [04:38:21] [40/56] Analyzing daogora-xyz/bip-keychain-core... [04:38:29] [39/56] SKIP Deglobeal/Deglobeal — This is a personal portfolio/learning repository listing hundreds of API project ideas for a backend developer student. It contains no actual wallet code, databases, or credentials. [04:38:29] [41/56] Analyzing sirosfoundation/go-wallet-backend... [04:38:29] [40/56] SKIP daogora-xyz/bip-keychain-core — This is a general-purpose key derivation tool (SSH, GPG, etc.) based on BIP-32/BIP-85 standards — not a crypto wallet project. It explicitly states cryptocurrency wallet features are out of scope. [04:38:29] [42/56] Analyzing videolan/vlc-3.0... [04:38:29] [38/56] SKIP buainoai/awesome-clawdbot-skills — This is a curated list/directory of 565+ Clawdbot (AI assistant) skills/plugins. It contains no source code, no credentials, and no wallet projects. [04:38:29] [43/56] Analyzing MrTimonM/Horizon... [04:38:36] [42/56] SKIP videolan/vlc-3.0 — This is the VLC media player repository (3.0 branch), a well-known open source media player. It has no relation to cryptocurrency wallets or credential management. [04:38:36] [44/56] Analyzing kleeedolinux/custodial-bank... [04:38:37] [41/56] SKIP sirosfoundation/go-wallet-backend — This is a Verifiable Credentials wallet backend (identity wallet, not crypto wallet) with no committed credentials or sensitive data. [04:38:37] [45/56] Analyzing TiltCheck-ME/Justthetip... [04:38:37] [43/56] SKIP MrTimonM/Horizon — HORIZN is a decentralized VPN marketplace built on Ethereum, not a crypto wallet project. It does not contain accidentally committed credentials or sensitive wallet data. [04:38:37] [46/56] Analyzing svmundada/Tag_prediction_stackoverflow... [04:38:43] [46/56] SKIP svmundada/Tag_prediction_stackoverflow — This is a machine learning project for predicting StackOverflow tags from question titles. It has no relation to crypto wallets or credentials. [04:38:43] [47/56] Analyzing TheFahmi/Cryo-Lang... [04:38:44] [44/56] SKIP kleeedolinux/custodial-bank — This is a custodial bank system for Solana that uses SQLite and stores encrypted private keys, but the repository does not contain any accidentally committed credentials, databases with actual data, or hardcoded secrets. [04:38:44] [48/56] Analyzing ShubhamGhanmode/Morpheus... [04:38:48] [45/56] MAYBE TiltCheck-ME/Justthetip — A Solana Discord tipping bot that stores encrypted private keys in SQLite databases, with evidence that sensitive files (mint-keypair.txt, database.sqlite) were previously committed to the repository before being removed. [04:38:48] [49/56] Analyzing Mhxmd/TelegramBot... [04:38:58] [47/56] SKIP TheFahmi/Cryo-Lang — This is a programming language project (Cryo Lang) with a roadmap that mentions SQLite, MongoDB, and future blockchain/wallet features, but contains no actual wallet code, credentials, or sensitive data. [04:38:58] [50/56] Analyzing Hoeze/gajim... [04:38:58] [48/56] SKIP ShubhamGhanmode/Morpheus — This is a personal finance manager Flutter app (expense tracking, budgets, credit cards) — not a crypto wallet project. It does not handle cryptocurrency private keys, seed phrases, or crypto funds. [04:38:58] [51/56] Analyzing lheckemann/gajim... [04:39:00] [49/56] SKIP Mhxmd/TelegramBot — This is a Telegram marketplace bot with Solana wallet integration, but the repository appears to contain only a documentation/notes file (2.txt) with no actual source code or committed databases. [04:39:00] [52/56] Analyzing xeroc/python-graphenelib... [04:39:06] [51/56] SKIP lheckemann/gajim — This is a mirror of Gajim, an XMPP/Jabber instant messaging client. It has no relation to cryptocurrency wallets or sensitive credentials. [04:39:06] [53/56] Analyzing Elessar617/Crypto_Bot... [04:39:09] [52/56] SKIP xeroc/python-graphenelib — This is a Python library for interacting with Graphene-based blockchains (like BitShares). It is a well-maintained open-source SDK, not a wallet project with accidentally committed credentials. [04:39:09] [54/56] Analyzing BitSleuthAI/Wallet... [04:39:12] [50/56] SKIP Hoeze/gajim — Gajim is an XMPP/Jabber instant messaging client. It has no relation to cryptocurrency wallets or handling of crypto funds. [04:39:12] [55/56] Analyzing starius/helpme... [04:39:14] [53/56] SKIP Elessar617/Crypto_Bot — This is a crypto trading bot project (not a wallet) that properly uses .env files for API credentials. No accidentally committed credentials or sensitive data found. [04:39:14] [56/56] Analyzing ChicoPanama/Vanta-Bot... [04:39:18] [54/56] SKIP BitSleuthAI/Wallet — BitSleuth Wallet is a well-designed non-custodial Bitcoin wallet app built with React Native that follows proper security practices — private keys are never stored, mnemonics are encrypted via expo-secure-store, and no credentials are committed to the repo. [04:39:20] [55/56] SKIP starius/helpme — This is a personal collection of miscellaneous UNIX/Linux tips and notes in Russian, not a crypto wallet project. [04:39:25] [56/56] SKIP ChicoPanama/Vanta-Bot — This is a Telegram trading bot for Avantis Protocol that properly uses environment variables for sensitive configuration. No accidentally committed credentials or sensitive data were found. [04:39:25] Searching: "sqlite3 wallet seed phrase mnemonic store" [04:39:26] Page 1: +100 items, 91 repos total [04:39:33] Found 91 repos (91 new, 0 already seen) [04:39:33] [1/91] Analyzing brandononchain/solana-sniper-bot... [04:39:33] [2/91] Analyzing NicolasFlamel1/MWC-Pay... [04:39:33] [3/91] Analyzing JoinMarket-Org/joinmarket-clientserver... [04:39:42] [1/91] SKIP brandononchain/solana-sniper-bot — This is a Solana sniper bot that stores encrypted private keys in SQLite via better-sqlite3, but the repository contains no actual committed credentials, database files with data, or hardcoded secrets. [04:39:42] [4/91] Analyzing bitcoinbook/bitcoinbook... [04:39:42] [2/91] SKIP NicolasFlamel1/MWC-Pay — MWC Pay is a legitimate, well-engineered MimbleWimble Coin payment processor that properly encrypts wallet seeds before storing them in SQLite. No accidentally committed credentials or sensitive data found. [04:39:42] [5/91] Analyzing ag3developer/HOLDWallet... [04:39:44] [3/91] SKIP JoinMarket-Org/joinmarket-clientserver — JoinMarket is a well-known open-source Bitcoin CoinJoin implementation. It handles wallets and private keys properly through encrypted storage, not through accidentally committed credentials. [04:39:44] [6/91] Analyzing xssis/seed-parser... [04:39:50] [4/91] SKIP bitcoinbook/bitcoinbook — This is the 'Mastering Bitcoin' educational book repository by Andreas Antonopoulos. It contains tutorial/documentation content about Bitcoin wallet tools, not accidentally committed credentials. [04:39:50] [7/91] Analyzing Chia-Network/chia-blockchain... [04:39:53] [5/91] MAYBE ag3developer/HOLDWallet — A crypto wallet project (HOLDWallet) that stores encrypted seed phrases in a SQLite database (holdwallet.db) alongside the source code, with documentation revealing the database structure and wallet IDs. [04:39:53] [8/91] Analyzing pagcoinbr/brln-os... [04:39:55] [6/91] MAYBE xssis/seed-parser — This is a seed phrase parser/stealer tool that contains hardcoded Telegram API credentials (API_ID and API_HASH) and uses SQLite to track found seed phrases. It searches through stolen log files to extract crypto wallet seed phrases and private keys. [04:39:55] [9/91] Analyzing RavenProject/ravenwallet-ios... [04:39:57] [7/91] SKIP Chia-Network/chia-blockchain — This is the official Chia blockchain implementation by Chia Network — a major open-source cryptocurrency project. There are no accidentally committed credentials or sensitive data. [04:39:57] [10/91] Analyzing ElementsProject/lightning... [04:40:01] [8/91] SKIP pagcoinbr/brln-os — This is a wallet project that stores encrypted private keys in SQLite, but the repository does not contain any accidentally committed credentials, database files with actual data, or hardcoded secrets. [04:40:01] [11/91] Analyzing Slashx124/mynta-core... [04:40:03] [9/91] SKIP RavenProject/ravenwallet-ios — This is the official Ravencoin iOS wallet app that properly stores sensitive data (seed phrases, master public keys) in the iOS Keychain — no accidentally committed credentials or sensitive data found. [04:40:03] [12/91] Analyzing lockephi/Allentown-L104-Node... [04:40:04] [10/91] SKIP ElementsProject/lightning — Core Lightning is a well-known, production Lightning Network implementation. The matched code snippets are part of its legitimate HSM secret management and CLI option handling, not accidentally committed credentials. [04:40:04] [13/91] Analyzing xironix/ceed_parser... [04:40:09] [11/91] SKIP Slashx124/mynta-core — This is the reference implementation of a new blockchain (Mynta) with documentation describing its SQLite wallet backend architecture. It does not contain any accidentally committed credentials or sensitive data. [04:40:09] [14/91] Analyzing INT-devs/intcoin... [04:40:14] [13/91] SKIP xironix/ceed_parser — This is a seed phrase parsing/cracking tool designed to scan files for cryptocurrency mnemonics and derive wallets from them. It does not contain accidentally committed credentials or sensitive data. [04:40:14] [15/91] Analyzing frstrtr/cpsp... [04:40:15] [12/91] SKIP lockephi/Allentown-L104-Node — This is a hobby/experimental 'ASI relay' project with a wallet system implemented as source code only — no actual committed credentials, databases with data, or hardcoded secrets were found. [04:40:15] [16/91] Analyzing mikekoosssss/Tipbot... [04:40:18] [14/91] SKIP INT-devs/intcoin — This is the INTcoin cryptocurrency core development repository containing wallet documentation and architecture. It does not contain any accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:40:18] [17/91] Analyzing nav-io/navio-sdk... [04:40:23] [15/91] SKIP frstrtr/cpsp — This is a demo/development TRON payment monitoring tool that generates fake demo wallets with non-cryptographically-valid addresses. No real credentials or wallet data are committed. [04:40:23] [18/91] Analyzing in-th3-l00p/wallet-lib... [04:40:26] [16/91] SKIP mikekoosssss/Tipbot — This is a Telegram crypto tipbot project that handles wallets, but it does not contain any accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:40:26] [19/91] Analyzing BakeLens/crust... [04:40:29] [17/91] SKIP nav-io/navio-sdk — This is an SDK/library for the Navio blockchain that uses SQLite to store wallet data, but it contains no accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:40:29] [20/91] Analyzing Karmaz95/crimson... [04:40:34] [18/91] SKIP in-th3-l00p/wallet-lib — This is a wallet SDK/library project with a security guide document. It contains no accidentally committed credentials, private keys, seed phrases, or sensitive data — only documentation and code examples. [04:40:34] [21/91] Analyzing demining/CryptoDeepTools... [04:40:35] [19/91] SKIP BakeLens/crust — This is an AI agent security tool that *prevents* leaking of credentials and crypto wallet data — it is not a wallet project and contains no accidentally committed credentials. [04:40:35] [22/91] Analyzing KeyDino/keydino-ios... [04:40:36] [20/91] SKIP Karmaz95/crimson — This is a web application security testing/penetration testing tool (Crimson) that automates asset discovery and vulnerability scanning. It has no relation to crypto wallets or committed credentials. [04:40:36] [23/91] Analyzing gsora/btcfraud-2... [04:40:44] [21/91] SKIP demining/CryptoDeepTools — This is a cryptanalysis/educational toolkit for Bitcoin blockchain analysis, not a wallet project with accidentally committed credentials. [04:40:44] [24/91] Analyzing NguyenNhatquang522004/Pione... [04:40:45] [22/91] SKIP KeyDino/keydino-ios — KeyDino is a Bitcoin Cash iOS wallet app, but it does not contain any accidentally committed credentials, private keys, seed phrases, or sensitive data in the repository. [04:40:45] [25/91] Analyzing zingolabs/zexcavator... [04:40:47] [23/91] SKIP gsora/btcfraud-2 — This repository contains extracted/decompiled strings from known scam wallet apps (Mycelium clone, Breadwallet clone) that were flagged on Reddit as fraudulent. It is a security research/documentation repo, not a repository with accidentally committed credentials. [04:40:47] [26/91] Analyzing Seed-Hunter/SeedParser... [04:40:52] [25/91] SKIP zingolabs/zexcavator — This is a ZCash wallet recovery/migration tool that parses wallet database files — it does not contain any accidentally committed credentials, private keys, or sensitive data. [04:40:52] [27/91] Analyzing james-katz/uzw-parser... [04:40:54] [24/91] SKIP NguyenNhatquang522004/Pione — This is a large technology ecosystem project with a wallet security module that is purely code/library implementation — no actual credentials, private keys, seed phrases, or sensitive data are committed. [04:40:54] [28/91] Analyzing toneloc/stable-channels... [04:40:59] [26/91] SKIP Seed-Hunter/SeedParser — This is a malicious seed phrase hunting/stealing tool that searches through files (likely stolen logs/data dumps) to extract valid BIP39 seed phrases and derive wallet addresses. It does NOT contain accidentally committed credentials. [04:40:59] [29/91] Analyzing JesseHoppo/LogAtlas... [04:41:00] [27/91] SKIP james-katz/uzw-parser — This is a Zcash wallet file parser/converter tool that reads wallet database files to extract keys and seeds for migration purposes. It does not contain any accidentally committed credentials or sensitive data. [04:41:00] [30/91] Analyzing Veil-Project/veil... [04:41:03] [28/91] SKIP toneloc/stable-channels — This is a Bitcoin Lightning Network wallet project (Stable Channels) that properly handles key management by storing seeds in local filesystem paths at runtime, not committing any actual credentials or private keys to the repository. [04:41:03] [31/91] Analyzing ThomasTJdev/WMD... [04:41:07] [30/91] SKIP Veil-Project/veil — This is the official Veil cryptocurrency project source code — a full blockchain node/wallet implementation in C++. It contains no accidentally committed credentials or sensitive data. [04:41:07] [32/91] Analyzing Great-Software-Company/pywallet... [04:41:07] [29/91] SKIP JesseHoppo/LogAtlas — LogAtlas is a forensic/analysis tool that parses and categorizes wallet artifact files (SQLite, LevelDB, JSON) — it does not contain any actual credentials, private keys, or wallet data. [04:41:07] [33/91] Analyzing erickherrera/CriptoGualet... [04:41:11] [31/91] SKIP ThomasTJdev/WMD — This is a Python IT security tools framework (penetration testing toolkit) that aggregates various security tools. It has no relation to crypto wallet projects or accidentally committed credentials. [04:41:11] [34/91] Analyzing Aero25x/ton-wallet-generation... [04:41:17] [32/91] SKIP Great-Software-Company/pywallet — This is a Bitcoin wallet recovery/import/export tool (fork of pywallet) — it's a utility for extracting keys from wallet files, not a wallet service that accidentally committed credentials or sensitive data. [04:41:17] [35/91] Analyzing fakecoinbase/1200wdslashbitcoinlib... [04:41:19] [34/91] SKIP Aero25x/ton-wallet-generation — This is a TON wallet generation tool/utility for bulk creating new wallets. It does not contain any accidentally committed credentials, databases with private keys, or hardcoded sensitive data. [04:41:19] [36/91] Analyzing smartshark/seBERT... [04:41:19] [33/91] SKIP erickherrera/CriptoGualet — This is a well-structured, security-conscious C++ cryptocurrency wallet project that uses encrypted SQLCipher/SQLite3 storage. There are no accidentally committed credentials, private keys, seed phrases, or sensitive data in the repository. [04:41:19] [37/91] Analyzing mousebelt/mousewallet-ios-sdk... [04:41:26] [36/91] SKIP smartshark/seBERT — This is seBERT, a BERT model pre-trained on software engineering text. It has nothing to do with cryptocurrency wallets or credentials. [04:41:26] [38/91] Analyzing gentoo-mirror/guru... [04:41:27] [35/91] SKIP fakecoinbase/1200wdslashbitcoinlib — This is a fork of bitcoinlib, a well-known open-source Python Bitcoin library. It is a wallet library but does not contain accidentally committed credentials or sensitive data. [04:41:27] [39/91] Analyzing NewCapital/walletapp-ios... [04:41:28] [37/91] SKIP mousebelt/mousewallet-ios-sdk — This is a multi-blockchain wallet SDK for iOS that uses SQLite and keychain for wallet management, but it does not contain any accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:41:28] [40/91] Analyzing wagerr/WagerrWalletIOS... [04:41:34] [38/91] SKIP gentoo-mirror/guru — This is a Gentoo Linux package repository (GURU) containing ebuild descriptions for thousands of software packages. It is not a wallet project and contains no committed credentials. [04:41:34] [41/91] Analyzing evmts/voltaire... [04:41:35] [39/91] SKIP NewCapital/walletapp-ios — This is a fork of the Breadwallet iOS app — an open-source BTC wallet. It does not contain any accidentally committed credentials, private keys, seed phrases, or database files with sensitive data. [04:41:35] [42/91] Analyzing SilentGrabber0/SilentGrabber... [04:41:36] [40/91] SKIP wagerr/WagerrWalletIOS — This is the Wagerr iOS wallet app (fork of Breadwallet) that properly stores private keys and seed phrases in the iOS Keychain secure enclave, not in committed databases or hardcoded credentials. [04:41:36] [43/91] Analyzing etherzero-org/MSM-ios... [04:41:44] [41/91] SKIP evmts/voltaire — This is an Ethereum primitives/cryptography library (toolchain) with no accidentally committed credentials, private keys, or sensitive data. [04:41:44] [44/91] Analyzing litecoin-foundation/litewallet-ios... [04:41:44] [43/91] SKIP etherzero-org/MSM-ios — This is an iOS crypto wallet app (EtherZero/MSM) that properly stores private keys and seed phrases in the iOS Keychain (secure enclave), not in committed databases or hardcoded in source code. [04:41:44] [45/91] Analyzing LIMXTEC/breadwallet-bitcore-ios... [04:41:45] [42/91] SKIP SilentGrabber0/SilentGrabber — This is a malware/info-stealer tool (SilentGrabber) designed to steal credentials, crypto wallets, and browser data from victims. It is NOT a wallet project with accidentally committed credentials. [04:41:45] [46/91] Analyzing marko911/eliza-aixbt-tutorial... [04:41:52] [45/91] SKIP LIMXTEC/breadwallet-bitcore-ios — This is a Bitcore wallet iOS app (fork of Breadwallet) that properly stores private keys and seed phrases in the iOS Keychain (secure enclave), not in committed databases or hardcoded in source code. [04:41:52] [47/91] Analyzing kcorlidy/pyhdwallet... [04:41:52] [44/91] SKIP litecoin-foundation/litewallet-ios — This is the official Litewallet iOS app by the Litecoin Foundation. It properly stores private keys in the iOS Keychain (secure enclave), not in SQLite databases or committed files. [04:41:52] [48/91] Analyzing 8144225309/SuperScalar... [04:41:54] [46/91] SKIP marko911/eliza-aixbt-tutorial — This is a fork of the Eliza AI agent framework showing how to build an AIXBT-like AI bot. It does not contain any accidentally committed credentials or sensitive wallet data. [04:41:54] [49/91] Analyzing TRP7777/WalletBitconWithPy3... [04:42:01] [47/91] SKIP kcorlidy/pyhdwallet — This is an HD wallet key generation library/tool, not a project with accidentally committed real credentials or sensitive data. [04:42:01] [50/91] Analyzing b-open-io/bsv-skills... [04:42:02] [49/91] SKIP TRP7777/WalletBitconWithPy3 — This is a Bitcoin wallet recovery/extraction tool (pywallet fork) — it's a utility for reading wallet.dat files, not a wallet project with accidentally committed credentials or sensitive data. [04:42:02] [51/91] Analyzing thinkbot/docker-rubygem... [04:42:03] [48/91] SKIP 8144225309/SuperScalar — This is a Bitcoin Lightning Network channel factory implementation (SuperScalar protocol). It uses SQLite for persistence and handles cryptographic keys, but there are no accidentally committed credentials, private keys, seed phrases, or sensitive data in the repository. [04:42:03] [52/91] Analyzing cayusmatias/mtg-bip39... [04:42:07] [50/91] SKIP b-open-io/bsv-skills — This is a Claude Code plugin providing BSV blockchain development skills/documentation. It contains no accidentally committed credentials or sensitive data. [04:42:07] [53/91] Analyzing zacnider/milo-dex... [04:42:09] [51/91] SKIP thinkbot/docker-rubygem — This is a repository that catalogs Docker images generated for Ruby gems. It has no relation to crypto wallets, credentials, or sensitive data. [04:42:09] [54/91] Analyzing jooray/donation-sink... [04:42:11] [52/91] SKIP cayusmatias/mtg-bip39 — This is a novelty project that maps BIP-39 mnemonic words to Magic: The Gathering cards for visual/physical representation. It is not a crypto wallet and does not handle real funds or store private keys. [04:42:11] [55/91] Analyzing Matt-Aurora-Ventures/Jarvis... [04:42:16] [54/91] SKIP jooray/donation-sink — This is a Cashu token donation receiver that uses SQLite and seed phrases, but it follows proper security practices with no accidentally committed credentials. [04:42:16] [56/91] Analyzing sqoin/bastoji-ios... [04:42:16] [53/91] SKIP zacnider/milo-dex — This is a decentralized exchange (DEX) project built on Miden blockchain. While it uses SQLite for daemon state and has wallet-related code, there are no accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:42:16] [57/91] Analyzing bio-xyz/aubrai-agent... [04:42:22] [55/91] SKIP Matt-Aurora-Ventures/Jarvis — Jarvis is a personal AI assistant/crypto trading engine with a Telegram bot. The matched code snippets are security sanitization patterns designed to PREVENT credential leakage, not actual leaked credentials. [04:42:22] [58/91] Analyzing thunderbiscuit/parkour... [04:42:24] [56/91] SKIP sqoin/bastoji-ios — This is a fork/clone of the BreadWallet iOS bitcoin wallet app (rebranded as 'Bastoji'). The code shows proper security practices - storing keys in iOS Keychain, not in plaintext or committed databases. [04:42:24] [59/91] Analyzing arkade-os/ts-sdk... [04:42:25] [57/91] SKIP bio-xyz/aubrai-agent — This is an AI agent template for BioDAO operations (Discord, Telegram, Twitter bots) built on the ElizaOS framework. It is not a crypto wallet project and contains no accidentally committed credentials. [04:42:25] [60/91] Analyzing NTDXYG/BASHEXPLAINER... [04:42:30] [59/91] SKIP arkade-os/ts-sdk — This is a published TypeScript SDK library for building Bitcoin wallets with the Ark protocol. It contains no accidentally committed credentials, databases, or hardcoded secrets. [04:42:30] [61/91] Analyzing Traviseric/arxmint... [04:42:30] [58/91] SKIP thunderbiscuit/parkour — This is a demo/example using the well-known BIP39 test mnemonic 'abandon abandon...about' on Bitcoin Signet (testnet), not real credentials. [04:42:30] [62/91] Analyzing SarmithaVD/Mock-Web3-Wallet... [04:42:33] [60/91] SKIP NTDXYG/BASHEXPLAINER — This is an academic NLP research project for generating Bash code comments using CodeBERT, not a crypto wallet project. [04:42:33] [63/91] Analyzing nepoche/miamibtchack... [04:42:38] [62/91] SKIP SarmithaVD/Mock-Web3-Wallet — This is a mock/simulated blockchain wallet that explicitly states it has no real blockchain interaction. It's a learning simulator, not a real wallet handling actual crypto funds. [04:42:38] [64/91] Analyzing cypherpepe/elizaOS... [04:42:39] [61/91] SKIP Traviseric/arxmint — ArxMint is a self-hosted Bitcoin payment infrastructure project. The matched file is a research/design document discussing Cashu wallet proof persistence architecture — it contains no actual credentials, private keys, or committed sensitive data. [04:42:39] [65/91] Analyzing blankdotspace/justtom-eliza-starter... [04:42:42] [63/91] SKIP nepoche/miamibtchack — This is a fork/hackathon version of the BreadWallet iOS bitcoin wallet. It uses sqlite3 and handles private keys, but stores them securely in the iOS keychain — no credentials or sensitive data are committed to the repository. [04:42:42] [66/91] Analyzing Loopshape/https-github.com-Loopshape-CODERS-AGI-tree-master... [04:42:47] [65/91] SKIP blankdotspace/justtom-eliza-starter — This is a fork/starter template of the ElizaOS AI agent framework, not a crypto wallet project with accidentally committed credentials. [04:42:47] [67/91] Analyzing Fadi002/MalwareInvestigation... [04:42:51] [64/91] SKIP cypherpepe/elizaOS — This is a fork of elizaOS, an AI agent framework. It uses better-sqlite3 and references wallet addresses, but contains no accidentally committed credentials or sensitive data. [04:42:51] [68/91] Analyzing koifinance/NixCore... [04:42:53] [66/91] SKIP Loopshape/https-github.com-Loopshape-CODERS-AGI-tree-master — This is an AI orchestration framework (SysOp-AI) that includes wallet/seed management as a feature, but contains no actual committed credentials, databases with real data, or leaked secrets. [04:42:53] [69/91] Analyzing JoulRoad/guix... [04:42:57] [67/91] SKIP Fadi002/MalwareInvestigation — This is a malware reverse engineering/investigation repository that contains decompiled/reversed stealer malware source code, not a wallet project with accidentally committed credentials. [04:42:57] [70/91] Analyzing AdonisVillanueva/AgentYieldChat... [04:43:00] [68/91] SKIP koifinance/NixCore — This is the NIX Core cryptocurrency node/blockchain implementation (a fork of Bitcoin Core), not a wallet project with accidentally committed credentials or sensitive data. [04:43:00] [71/91] Analyzing runebookdev/runebook... [04:43:00] [69/91] SKIP JoulRoad/guix — This is a fork/mirror of GNU Guix, a purely functional package manager for the GNU system. It has no relation to crypto wallets or credentials. [04:43:00] [72/91] Analyzing JulioMCruz/Infinity... [04:43:06] [70/91] SKIP AdonisVillanueva/AgentYieldChat — This is a fork/customization of the ElizaOS AI agent framework for DeFi yield farming chat, not a wallet project with accidentally committed credentials. [04:43:06] [73/91] Analyzing filiptibell/deputy... [04:43:08] [71/91] SKIP runebookdev/runebook — This is a translation/localization repository (Runebook.dev) that translates programming documentation into multiple languages. The matched snippets are translations of bitcoinlib library documentation, not an actual wallet project. [04:43:08] [74/91] Analyzing GitGuardian/s1ngularity-scanner... [04:43:09] [72/91] SKIP JulioMCruz/Infinity — This is an AI-powered loyalty program automation project (NFT rewards for businesses), not a crypto wallet project with accidentally committed credentials. [04:43:09] [75/91] Analyzing coincashew/coincashew... [04:43:14] [73/91] SKIP filiptibell/deputy — This is a lightweight language server for dependency management (autocomplete, diagnostics for package versions). It has no relation to crypto wallets or credentials. [04:43:14] [76/91] Analyzing WalletScrutiny/WalletScrutinyCom... [04:43:17] [74/91] SKIP GitGuardian/s1ngularity-scanner — This is a GitGuardian security scanning tool designed to detect if users were compromised by the Nx supply chain attack. It does not contain any actual leaked credentials or wallet data. [04:43:17] [77/91] Analyzing dashends/CodeSyntax... [04:43:17] [75/91] SKIP coincashew/coincashew — This is a cryptocurrency staking guide/documentation repository (CoinCashew) that provides how-to guides for setting up Ethereum validators and Cardano stake pools. It contains no accidentally committed credentials or sensitive data. [04:43:17] [78/91] Analyzing gelatodigital/eliza-gelato-relay... [04:43:24] [76/91] SKIP WalletScrutiny/WalletScrutinyCom — WalletScrutiny is a website that reviews and verifies the reproducibility of cryptocurrency wallet builds — it does not store or handle any private keys, credentials, or wallet data. [04:43:24] [79/91] Analyzing hugovk/top-pypi-packages... [04:43:25] [77/91] SKIP dashends/CodeSyntax — This is an NLP research repository for a paper on benchmarking language models for code syntax understanding. It has no relation to crypto wallets or credentials. [04:43:25] [80/91] Analyzing PerfecDev00001/PythonWithBitcon... [04:43:29] [78/91] SKIP gelatodigital/eliza-gelato-relay — This is a Gelato Relay plugin for the ElizaOS AI agent framework - a standard open-source project that uses environment variables for credentials, with no accidentally committed secrets. [04:43:29] [81/91] Analyzing ThreatFlux/file-scanner... [04:43:31] [79/91] SKIP hugovk/top-pypi-packages — This repository is a monthly dump of the most-downloaded PyPI packages, listing package names and download counts. It has no relation to crypto wallets, credentials, or sensitive data. [04:43:31] [82/91] Analyzing edwin509e-sketch/gbb... [04:43:34] [80/91] SKIP PerfecDev00001/PythonWithBitcon — This is pywallet, a well-known open-source Bitcoin wallet.dat recovery/dumping tool. It does not contain any accidentally committed credentials or sensitive data. [04:43:34] [83/91] Analyzing fudrk/discord-grabber... [04:43:38] [81/91] SKIP ThreatFlux/file-scanner — This is a security file scanning/malware analysis tool written in Rust. The matched keywords (wallet.dat, private key, seed phrase) are part of a vulnerability/malware detection pattern database, not actual credentials. [04:43:38] [84/91] Analyzing Nxploit/Deepwood... [04:43:40] [82/91] SKIP edwin509e-sketch/gbb — This is a crypto wallet cracking/decryption tool designed to extract private keys and mnemonics from various wallet applications by brute-forcing passwords. It does not contain accidentally committed credentials or sensitive data. [04:43:40] [85/91] Analyzing basvandorst/where-is-satoshi... [04:43:43] [83/91] SKIP fudrk/discord-grabber — This is a Discord token grabber/stealer malware tool disguised as 'educational', not a crypto wallet project with accidentally committed credentials. [04:43:43] [86/91] Analyzing agenticmail/agenticmail... [04:43:47] [85/91] SKIP basvandorst/where-is-satoshi — This is a stylometric analysis project attempting to identify Satoshi Nakamoto by comparing writing styles across mailing lists and Reddit comments. It has nothing to do with crypto wallets or credentials. [04:43:47] [87/91] Analyzing edisontw/pepepow-wallet-suite... [04:43:48] [84/91] SKIP Nxploit/Deepwood — This is a RAT (Remote Access Trojan) / Stealer malware tool, not a crypto wallet project. It steals data from victims' wallets but doesn't manage or store crypto funds itself. [04:43:48] [88/91] Analyzing IntensiveCoLearning/Web3_Internship_Bootcamp_2026_Winter... [04:43:51] [86/91] SKIP agenticmail/agenticmail — This is an email/SMS infrastructure platform for AI agents, not a crypto wallet project. The matched code is a security guard that *detects* sensitive data (like wallet addresses and seed phrases) in outgoing emails to prevent leaks. [04:43:51] [89/91] Analyzing somasays/insect... [04:43:56] [87/91] SKIP edisontw/pepepow-wallet-suite — This is a non-custodial wallet project that explicitly documents it does NOT store private keys or mnemonics in its SQLite database. The database only stores public metadata (Telegram user IDs, public addresses, payment request metadata). [04:43:56] [90/91] Analyzing JoinMarket-Org/JoinMarket-Docs... [04:43:59] [88/91] SKIP IntensiveCoLearning/Web3_Internship_Bootcamp_2026_Winter — This is a Web3 internship bootcamp learning repository where students post their study notes. The sqlite3 and wallet references are from a student's notes about building a Polymarket data indexer — a tutorial/educational context, not a real wallet project with committed credentials. [04:43:59] [91/91] Analyzing ngixcrash/Solana-Trading-API... [04:44:00] [89/91] SKIP somasays/insect — This is a security scanning tool (Insect) that detects malicious patterns in Git repositories. The matched code snippets are examples of threats the tool can detect, not actual committed credentials. [04:44:03] [90/91] SKIP JoinMarket-Org/JoinMarket-Docs — This is a technical documentation repository for JoinMarket, a Bitcoin CoinJoin implementation. It contains no source code, no databases, and no committed credentials. [04:44:08] [91/91] SKIP ngixcrash/Solana-Trading-API — This is a Solana trading API project that uses SQLite and handles wallets, but it contains no accidentally committed credentials or sensitive data — only placeholder values and documentation. [04:44:08] Searching: "better-sqlite3 wallet balance transfer crypto" [04:44:11] Page 1: +100 items, 87 repos total [04:44:17] Found 87 repos (80 new, 7 already seen) [04:44:17] [1/80] Analyzing quoroom-ai/room... [04:44:17] [2/80] Analyzing alternatefutures/service-auth... [04:44:17] [3/80] Analyzing Conway-Research/automaton... [04:44:27] [3/80] SKIP Conway-Research/automaton — This is an autonomous AI agent framework that uses wallets for self-sustaining compute payments, not a crypto wallet project with accidentally committed credentials. [04:44:27] [4/80] Analyzing electric-capital/open-dev-data... [04:44:28] [1/80] SKIP quoroom-ai/room — This is a well-architected open-source AI swarm engine with a wallet module that properly encrypts private keys using AES-256-GCM with a user-provided encryption key. No credentials, private keys, seed phrases, or sensitive data are committed to the repository. [04:44:28] [5/80] Analyzing okcashpro/okcash... [04:44:29] [2/80] SKIP alternatefutures/service-auth — This is a multi-method authentication service (email, SMS, OAuth, Web3 wallet sign-in) for a platform called Alternate Futures. It is NOT a crypto wallet project that stores private keys or handles real crypto funds. [04:44:29] [6/80] Analyzing TONresistor/teleton-agent... [04:44:34] [4/80] SKIP electric-capital/open-dev-data — This is a taxonomy/classification dataset of open source blockchain ecosystems and their code repositories, not a wallet project with committed credentials. [04:44:34] [7/80] Analyzing wooorm/npm-high-impact... [04:44:36] [5/80] SKIP okcashpro/okcash — This is the Okcash cryptocurrency project repository with an AI agent framework (okai, a fork of Eliza). It contains no accidentally committed credentials or sensitive data. [04:44:36] [8/80] Analyzing developerfred/bitcoin-yield-copilot... [04:44:38] [6/80] SKIP TONresistor/teleton-agent — Teleton is an autonomous AI agent platform for Telegram with TON blockchain integration. It is a well-structured open-source project with no accidentally committed credentials. [04:44:38] [9/80] Analyzing bio-xyz/BioAgentsEliza... [04:44:42] [7/80] SKIP wooorm/npm-high-impact — This repository is a curated list of popular/high-impact npm package names. It has no relation to crypto wallets, credentials, or sensitive data. [04:44:42] [10/80] Analyzing elizaOS/knowledge... [04:44:46] [9/80] SKIP bio-xyz/BioAgentsEliza — This is an AI agent framework for scientific/biological research built on ElizaOS, not a crypto wallet project with leaked credentials. [04:44:46] [11/80] Analyzing surprisetalk/licensure... [04:44:49] [8/80] MAYBE developerfred/bitcoin-yield-copilot — A Telegram bot wallet project that manages Bitcoin yield on Stacks, using better-sqlite3 to store wallet contract records and potentially private key material, with mnemonic derivation functions in source code. [04:44:49] [12/80] Analyzing rawgroundbeef/OpenFacilitator... [04:44:49] [10/80] SKIP elizaOS/knowledge — This is a knowledge aggregation repository for the elizaOS project that stores Discord chat summaries, news, and community data. It does not contain any wallet software, credentials, or sensitive data. [04:44:49] [13/80] Analyzing Stevenahs229/Horus... [04:44:54] [11/80] SKIP surprisetalk/licensure — This repository is a tool for tracking changes to software licenses across popular GitHub repositories. It has no relation to crypto wallets or credentials. [04:44:54] [14/80] Analyzing mt3443/typogard... [04:44:58] [12/80] SKIP rawgroundbeef/OpenFacilitator — OpenFacilitator is an open-source x402 payment facilitator platform. It uses better-sqlite3 and handles crypto payments, but contains no accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:44:58] [15/80] Analyzing keep-starknet-strange/starknet-agentic... [04:44:59] [13/80] SKIP Stevenahs229/Horus — This is an investment platform (NELIAXA) with a simulated wallet for fiat deposits/withdrawals, not a crypto wallet project handling real private keys or seed phrases. [04:44:59] [16/80] Analyzing supprtfxti-Tech/SpaceX-Elite-... [04:45:01] [14/80] SKIP mt3443/typogard — TypoGard is a security tool that detects package typosquatting attacks in npm. It has no relation to crypto wallets or credentials. [04:45:01] [17/80] Analyzing Elmenn/ev-battery-supplychain... [04:45:06] [15/80] SKIP keep-starknet-strange/starknet-agentic — This is an AI agent framework for Starknet blockchain interactions, not a wallet project with accidentally committed credentials. [04:45:06] [18/80] Analyzing Oabu77/quranchain1... [04:45:07] [16/80] MAYBE supprtfxti-Tech/SpaceX-Elite- — A fintech/investment platform using better-sqlite3 with hardcoded admin credentials (email and plaintext password) committed directly in the source code, along with wallet infrastructure for managing user balances. [04:45:07] [19/80] Analyzing desu777/roast0Gteam... [04:45:12] [17/80] SKIP Elmenn/ev-battery-supplychain — This is an academic/thesis EV battery supply chain dApp prototype using Railgun for privacy-preserving payments on Sepolia testnet. It uses better-sqlite3 for product metadata persistence, not for storing private keys or wallet secrets. [04:45:12] [20/80] Analyzing al69114/Louvreheist... [04:45:15] [19/80] SKIP desu777/roast0Gteam — This is a blockchain game project (roast battle arena) with documentation showing planned architecture using better-sqlite3, but no actual committed credentials, private keys, or sensitive data. [04:45:15] [21/80] Analyzing ansu555/10x_Swap... [04:45:16] [18/80] SKIP Oabu77/quranchain1 — This is a Telegram bot for a custom token game/ecosystem (QuranChain) that uses better-sqlite3 for storing user balances and game scores, but contains no real crypto private keys, seed phrases, or accidentally committed credentials. [04:45:16] [22/80] Analyzing martyinspace/beanpool... [04:45:21] [20/80] SKIP al69114/Louvreheist — This is a hackathon project simulating an anonymous auction/NFT/crypto mixer platform. It contains no real committed credentials or sensitive data. [04:45:21] [23/80] Analyzing minhoyoo-iotrust/WAIaaS... [04:45:24] [22/80] SKIP martyinspace/beanpool — BeanPool is a decentralized mutual credit protocol for communities, not a crypto wallet project handling real funds. No accidentally committed credentials or sensitive data were found. [04:45:24] [24/80] Analyzing FoxUshiha/DC-Coin-Bot... [04:45:27] [21/80] SKIP ansu555/10x_Swap — This is a DeFi swap/trading platform with AI agent capabilities. The SYSTEM_ARCHITECTURE.md document shows partial API key values (e.g., '796b...' for 0x API key) but these appear to be truncated documentation examples, not fully committed credentials. [04:45:27] [25/80] Analyzing jsdocs-io/web... [04:45:33] [23/80] SKIP minhoyoo-iotrust/WAIaaS — WAIaaS is a well-architected Wallet-as-a-Service project with proper security design (AES-256-GCM encryption, Argon2id KDF, sodium guarded memory). No accidentally committed credentials or sensitive data found. [04:45:33] [26/80] Analyzing slowhandc1ap/Cryptocurrencies-sim... [04:45:34] [24/80] SKIP FoxUshiha/DC-Coin-Bot — This is a Discord economy bot with virtual 'coins' — not a real crypto wallet project. It does not handle real cryptocurrency funds, private keys, or seed phrases. [04:45:34] [27/80] Analyzing minjeuuu/ORNG... [04:45:35] [25/80] SKIP jsdocs-io/web — This is jsDocs.io, an open source documentation hosting website for JavaScript/TypeScript packages. It has no relation to crypto wallets or credentials. [04:45:35] [28/80] Analyzing stateset/blind-auction-protocol... [04:45:42] [26/80] SKIP slowhandc1ap/Cryptocurrencies-sim — This is a cryptocurrency trading simulation/educational project using better-sqlite3, but it contains no accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:45:42] [29/80] Analyzing moggerstark/matrixdd... [04:45:44] [27/80] SKIP minjeuuu/ORNG — This is a wallet/trading bot project that uses environment variables for OKX API credentials and does not contain any accidentally committed secrets, private keys, or seed phrases. [04:45:44] [30/80] Analyzing 0xHoneyJar/loa-freeside... [04:45:45] [28/80] SKIP stateset/blind-auction-protocol — This is a blind auction protocol for procurement, not a crypto wallet project. It uses SQLite with better-sqlite3 but stores auction/bid data, not private keys or seed phrases. [04:45:45] [31/80] Analyzing fetinin/tongi... [04:45:51] [29/80] SKIP moggerstark/matrixdd — This is a Discord economy bot with virtual currency systems and SQLite databases, but no evidence of accidentally committed credentials or sensitive data. [04:45:51] [32/80] Analyzing Rapha-btc/funluck... [04:45:55] [30/80] SKIP 0xHoneyJar/loa-freeside — This is a multi-tenant SaaS platform for token-gated AI agent communities with a billing/credit ledger system. It does not contain accidentally committed credentials or sensitive data. [04:45:55] [33/80] Analyzing MetalLegBob/solana-vibes-kit... [04:45:56] [31/80] SKIP fetinin/tongi — This is a TON Jetton wallet/reward distribution Telegram mini-app project that properly uses environment variables for all sensitive credentials (mnemonic, API keys). No actual credentials or sensitive data are committed. [04:45:56] [34/80] Analyzing xToadzOrganization/toadz-indexer... [04:46:01] [32/80] SKIP Rapha-btc/funluck — This is a Rock Paper Scissors game project built on Stacks blockchain. The repository contains only planning/roadmap documentation with code examples — no actual committed credentials, databases, or sensitive data. [04:46:01] [35/80] Analyzing a06571883-hash/obnlbnk... [04:46:04] [33/80] SKIP MetalLegBob/solana-vibes-kit — This is a collection of Claude Code skills/prompts for Solana development tooling — specifically security audit templates and documentation generators. It contains no wallet code, no credentials, and no sensitive data. [04:46:04] [36/80] Analyzing KTH-LangSec/Dasty... [04:46:07] [34/80] SKIP xToadzOrganization/toadz-indexer — This is an NFT marketplace event indexer for ToadzStake.com on Songbird/Flare networks. It is not a crypto wallet project and does not contain accidentally committed credentials. [04:46:07] [37/80] Analyzing davidtkeane/rangerplex-ai... [04:46:11] [36/80] SKIP KTH-LangSec/Dasty — This is a prototype pollution gadget detection research tool for Node.js, not a crypto wallet project. The match was only on 'better-sqlite3' appearing in a list of npm package names used for analysis. [04:46:11] [38/80] Analyzing e-ndorfin/localroots... [04:46:12] [35/80] SKIP a06571883-hash/obnlbnk — This is a banking/card management application that uses SQLite with better-sqlite3, but it generates fake/random crypto addresses and card numbers at runtime — no real credentials or sensitive data are committed. [04:46:12] [39/80] Analyzing claw-network/telagent... [04:46:16] [37/80] SKIP davidtkeane/rangerplex-ai — RangerPlex AI is a multi-model AI chat and study application that uses better-sqlite3 for storing chat history, settings, and user data — not a crypto wallet project. [04:46:16] [40/80] Analyzing davidgasquez/docs-to-llmstxt... [04:46:20] [38/80] SKIP e-ndorfin/localroots — This is a hackathon project for a community business support platform built on XRPL Devnet. It uses proper environment variable patterns for all credentials and contains no accidentally committed secrets. [04:46:20] [41/80] Analyzing TONresistor/teleton-plugins... [04:46:22] [40/80] SKIP davidgasquez/docs-to-llmstxt — This is a documentation compilation tool that converts docs into text files for LLMs. The matched content is from AT Protocol documentation about account migration, not a crypto wallet project. [04:46:22] [42/80] Analyzing jventura1738/Machine-Learning-in-Production... [04:46:22] [39/80] SKIP claw-network/telagent — This is a decentralized Agent-to-Agent messaging platform (TelAgent) with wallet functionality, but the code snippets showing mnemonic/private key generation are from documentation instructing developers how to set up local development — not accidentally committed credentials. [04:46:22] [43/80] Analyzing manicinc/wunderland-sol... [04:46:29] [42/80] SKIP jventura1738/Machine-Learning-in-Production — This is a Carnegie Mellon University REU research repository about Machine Learning in Production, containing a text file that appears to be a list of GitHub repository names. [04:46:29] [44/80] Analyzing kichcoin43/CHINAGAZ... [04:46:30] [41/80] SKIP TONresistor/teleton-plugins — This is a community plugin directory for a Telegram AI agent on TON blockchain. It contains documentation and plugin templates, not accidentally committed credentials or sensitive data. [04:46:30] [45/80] Analyzing streetsidesoftware/cspell-dicts... [04:46:34] [43/80] SKIP manicinc/wunderland-sol — This is an AI agent social network on Solana — not a crypto wallet project. It does not contain accidentally committed credentials or sensitive data. [04:46:34] [46/80] Analyzing franklili3/CryptoClaw... [04:46:38] [45/80] SKIP streetsidesoftware/cspell-dicts — This is a spell-checking dictionary repository for cspell. The matched terms (wallet, better-sqlite3) appear only as npm package names in a reference count CSV file. [04:46:38] [47/80] Analyzing ArkLabsHQ/arkadian... [04:46:40] [44/80] SKIP kichcoin43/CHINAGAZ — This is a banking/financial simulator web app ("CHINAGAZ") deployed on Render.com that simulates fiat and crypto card transfers with exchange rates, but it does not contain any accidentally committed credentials, private keys, seed phrases, or hardcoded secrets. [04:46:40] [48/80] Analyzing ATROIX08/pythonistas-interledger... [04:46:41] [46/80] SKIP franklili3/CryptoClaw — CryptoClaw is an AI-powered crypto trading assistant product in its early planning/design phase. It contains only documentation (PRD, technical specs) with no actual code, no committed databases, and no leaked credentials. [04:46:41] [49/80] Analyzing mossland/Disclosure-and-Materials... [04:46:46] [47/80] SKIP ArkLabsHQ/arkadian — Arkadian is a multi-agent AI orchestration tool for the Ark protocol ecosystem — it's a developer tooling/CLI plugin, not a wallet project with committed credentials. [04:46:46] [50/80] Analyzing naugtur/research... [04:46:50] [49/80] SKIP mossland/Disclosure-and-Materials — This is a disclosure and research materials repository for the Mossland blockchain/metaverse project. It contains a research whitepaper about AI governance agents, not a wallet project with leaked credentials. [04:46:50] [51/80] Analyzing jimmylegendary/AICodeGen... [04:46:51] [48/80] MAYBE ATROIX08/pythonistas-interledger — Hackathon wallet/payment project that explicitly admits to committing .env files with wallet configurations and private key files (.key) for 'evaluation purposes'. Uses better-sqlite3 for wallet registry and transaction logs. [04:46:51] [52/80] Analyzing Lakshmikanth-3/privateBTC... [04:46:53] [50/80] SKIP naugtur/research — This is a research repository containing lists of popular npm packages, not a crypto wallet project with any credentials. [04:46:53] [53/80] Analyzing joshuaharry/eco... [04:46:58] [51/80] SKIP jimmylegendary/AICodeGen — This is an AI code generation tool that searches GitHub repositories and analyzes commit histories. It has no relation to crypto wallets or credentials. [04:46:58] [54/80] Analyzing ghostchain1/ghostl-stack... [04:47:01] [53/80] SKIP joshuaharry/eco — This is a CLI tool for analyzing software ecosystems/dependencies. The 'better-sqlite3' match is simply an entry in a list of npm package names (DefinitelyTyped types), not actual usage of the library. [04:47:01] [55/80] Analyzing Coolliderr/newjingcai... [04:47:07] [52/80] MATCH Lakshmikanth-3/privateBTC — A Bitcoin privacy bridge wallet project that has committed a Bitcoin private key (SENDER_PRIVATE_KEY=cNi5VZEsuaQsryLw2XdLuNU6u5K6QJnmVno3yebTUwGBDvwZH1eb) directly in its documentation, along with a SQLite database (better-sqlite3) storing withdrawal authorizations and vault data with encrypted amounts. [04:47:07] [56/80] Analyzing AvnerAdda/shekelsync... [04:47:09] [54/80] SKIP ghostchain1/ghostl-stack — This is a blockchain platform monorepo (GhostChain) with a livestreaming app that uses better-sqlite3 for user/stream data. No credentials, private keys, or sensitive wallet data are committed. [04:47:09] [57/80] Analyzing artem917/scamscan-core... [04:47:15] [55/80] MAYBE Coolliderr/newjingcai — A crypto betting/gambling platform (竞猜项目) that generates and stores encrypted wallet private keys in MySQL, uses better-sqlite3 for bet/withdrawal tracking, and references private keys via environment variables with weak default secrets. [04:47:15] [58/80] Analyzing VedantAnand17/AgentPay... [04:47:17] [56/80] SKIP AvnerAdda/shekelsync — This is a personal finance tracker for Israeli banks/credit cards (Electron desktop app), not a crypto wallet project. It does not handle cryptocurrency private keys, seed phrases, or crypto funds. [04:47:17] [59/80] Analyzing 0xAidan/polymarket-bot-test... [04:47:18] [57/80] SKIP artem917/scamscan-core — This is a scam/risk analysis platform (ScamScan) for checking URLs, wallets, and smart contracts for fraud — not a wallet project that stores or handles private keys. [04:47:18] [60/80] Analyzing zknon/ZKnon... [04:47:34] [59/80] SKIP 0xAidan/polymarket-bot-test — This is a Polymarket copy-trading bot with a detailed expansion plan. It does NOT contain any accidentally committed credentials or sensitive data. [04:47:34] [61/80] Analyzing tolusina122-ui/ebookshelf... [04:47:34] [60/80] SKIP zknon/ZKnon — This is a Solana wallet/mixer project that uses better-sqlite3 and handles private keys, but it properly uses environment variables (dotenv) for all sensitive credentials — no actual secrets are committed. [04:47:34] [62/80] Analyzing Arch1eSUN/ConShell... [04:47:35] [58/80] SKIP VedantAnand17/AgentPay — AgentPay is an academic research project / AI trading relay on Base Sepolia testnet. It uses better-sqlite3 for trade history logging, not for storing private keys or wallet data with real credentials. [04:47:35] [63/80] Analyzing VainlyStrain/charon... [04:47:43] [61/80] SKIP tolusina122-ui/ebookshelf — This is a digital e-book marketplace application, not a crypto wallet project. It has no cryptocurrency functionality whatsoever. [04:47:43] [64/80] Analyzing jvsteiner/bounty-net... [04:47:44] [63/80] SKIP VainlyStrain/charon — This is a static analysis engine (CHARON) for detecting vulnerabilities in scripting languages' native extensions. The npm_ne.csv file is simply a list of npm packages to analyze, not a wallet project with leaked credentials. [04:47:44] [65/80] Analyzing rwnbiad105/EMPHunter... [04:47:44] [62/80] SKIP Arch1eSUN/ConShell — This is a design document for a Web4.0 AI agent runtime framework. It discusses wallet functionality and SQLite/better-sqlite3 usage in planning documents, but contains no actual committed credentials, private keys, or sensitive data. [04:47:44] [66/80] Analyzing johnzilla/vaultwarden... [04:47:53] [65/80] SKIP rwnbiad105/EMPHunter — This is a research tool (EMPHunter) for detecting malicious npm/PyPI packages using clustering techniques. It contains lists of package names as datasets, not a crypto wallet project with leaked credentials. [04:47:53] [67/80] Analyzing dhnpmp-tech/dc1-platform... [04:47:54] [64/80] SKIP jvsteiner/bounty-net — This is an implementation plan/documentation for a decentralized bug reporting system using NOSTR and Unicity tokens - it's not a crypto wallet project and contains no accidentally committed credentials. [04:47:54] [68/80] Analyzing Proglang-TypeScript/dts-auto-generate... [04:47:54] [66/80] SKIP johnzilla/vaultwarden — This is a well-architected AI agent treasury service with proper environment variable usage for all sensitive credentials. No accidentally committed credentials or sensitive data found. [04:47:54] [69/80] Analyzing smol-ai/ainews-web-2025... [04:48:01] [68/80] SKIP Proglang-TypeScript/dts-auto-generate — This repository is a TypeScript declaration file generator research project. The mention of 'better-sqlite3' is simply one entry in a massive list of npm module names. [04:48:01] [70/80] Analyzing EmotionLotion/TokenisationSDK... [04:48:03] [69/80] SKIP smol-ai/ainews-web-2025 — This is an AI news aggregation website (daily newsletter) that summarizes AI community discussions. It has no relation to crypto wallets, private keys, or sensitive credentials. [04:48:03] [71/80] Analyzing matixlol/caloric... [04:48:07] [67/80] MAYBE dhnpmp-tech/dc1-platform — GPU compute marketplace platform with Supabase credentials (URL and anon key) hardcoded directly in the README, plus wallet/billing functionality handling SAR payments. [04:48:07] [72/80] Analyzing bitfinexcom/bfx-report-electron... [04:48:11] [70/80] SKIP EmotionLotion/TokenisationSDK — This is a tokenized asset platform SDK (real estate, compute) — not a crypto wallet project. It uses better-sqlite3 for local development but contains no committed credentials or sensitive data. [04:48:11] [73/80] Analyzing macca261/Nimbus_Finance_new... [04:48:12] [71/80] SKIP matixlol/caloric — This is a calorie/macros tracking app (Caloric) that uses Jazz for data sync and Clerk for auth. It has nothing to do with crypto wallets. [04:48:12] [74/80] Analyzing eric-erki/arl... [04:48:14] [72/80] SKIP bitfinexcom/bfx-report-electron — This is Bitfinex's official reporting/analytics Electron app for viewing trading history and account summaries. It is not a wallet project and contains no accidentally committed credentials. [04:48:14] [75/80] Analyzing avdheshcharjan/RiskyRich... [04:48:19] [74/80] SKIP eric-erki/arl — This is a curated list of popular GitHub repositories organized by programming language, not a wallet project with any credentials. [04:48:19] [76/80] Analyzing taudas/podcoin101... [04:48:21] [73/80] SKIP macca261/Nimbus_Finance_new — This is a personal finance/banking SaaS application (CSV import, transaction categorization, budgeting) targeting the German market — not a crypto wallet project. [04:48:21] [77/80] Analyzing TailorAU/pact... [04:48:23] [75/80] SKIP avdheshcharjan/RiskyRich — This is an AI-powered insurance gap analysis and financial risk assessment agent built on the ElizaOS framework. It is not a crypto wallet project and contains no committed credentials or sensitive data. [04:48:23] [78/80] Analyzing RafiMM0609/ARES... [04:48:26] [76/80] SKIP taudas/podcoin101 — This is a non-crypto community currency (mutual credit) system, not a crypto wallet project. It explicitly states 'Non-crypto — centralized SQLite ledger, not blockchain' and does not handle real crypto funds or private keys. [04:48:26] [79/80] Analyzing jmgomezl/aivy... [04:48:29] [77/80] SKIP TailorAU/pact — This is a protocol for AI agent consensus and document collaboration (PACT), not a crypto wallet project. The 'balance' field and 'agent_wallets' table are for an internal credit/karma economy between AI agents, not real cryptocurrency. [04:48:29] [80/80] Analyzing SquadBotApp/agentarmy... [04:48:32] [78/80] SKIP RafiMM0609/ARES — ARES is a freelancer payment platform with QI Network wallet integration. It uses SQLite via better-sqlite3 but shows no evidence of accidentally committed credentials, private keys, or sensitive data. [04:48:34] [79/80] SKIP jmgomezl/aivy — This is a hackathon project for deploying AI agents on Hedera blockchain. It uses proper security practices (AWS KMS encryption, env vars) and no accidentally committed credentials were found. [04:48:39] [80/80] SKIP SquadBotApp/agentarmy — This is an AI agent orchestration system (multi-agent task planning/execution platform), not a crypto wallet project. It has no wallet functionality, no private key handling, and no committed credentials. [04:48:39] Searching: "sqlite wallet keypair generate blockchain" [04:48:42] Page 1: +100 items, 91 repos total [04:48:48] Found 91 repos (81 new, 10 already seen) [04:48:48] [1/81] Analyzing Parsa33033/Bitcoin-Blockchain... [04:48:48] [2/81] Analyzing Infinium-dev/Infinium... [04:48:48] [3/81] Analyzing KaguraGateway/AikaCoin... [04:48:55] [1/81] SKIP Parsa33033/Bitcoin-Blockchain — This is a simple educational Bitcoin blockchain simulation project that stores generated keypairs in SQLite, but contains no actual committed database files, real credentials, or sensitive data. [04:48:55] [4/81] Analyzing vesellov/bitdust.public.old... [04:48:56] [3/81] SKIP KaguraGateway/AikaCoin — This is a custom cryptocurrency implementation (AikaCoin) that generates and stores wallet keys locally via files, but does not contain any accidentally committed credentials, private keys, or sensitive data. [04:48:56] [5/81] Analyzing rudyrdx/SafeDoc... [04:48:58] [2/81] SKIP Infinium-dev/Infinium — This is the source code for Infinium-8 cryptocurrency (a CryptoNote-based coin). It contains wallet implementation code but no accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:48:58] [6/81] Analyzing Chainlinksahmiyat/blockchain... [04:49:04] [4/81] SKIP vesellov/bitdust.public.old — BitDust is a peer-to-peer backup utility with an experimental blockchain/coin module. It does not contain any accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:49:04] [7/81] Analyzing nicmasaribeiro/nmcybc-v1... [04:49:05] [5/81] SKIP rudyrdx/SafeDoc — This is a C++ blockchain/document storage project (SafeDoc) that uses SQLite to store RSA key pairs, but it does not contain any accidentally committed credentials, databases with real data, or hardcoded secrets. [04:49:05] [8/81] Analyzing swaponline/MultiCurrencyWallet... [04:49:07] [6/81] SKIP Chainlinksahmiyat/blockchain — This is a custom blockchain implementation written from scratch in C++, not a crypto wallet project with accidentally committed credentials or sensitive data. [04:49:07] [9/81] Analyzing xilibi2003/learnblockchain... [04:49:12] [8/81] SKIP swaponline/MultiCurrencyWallet — This is an open-source multi-currency crypto wallet project (MultiCurrencyWallet) with a technical specification for a native Android wallet. No accidentally committed credentials, private keys, databases, or sensitive data were found. [04:49:12] [10/81] Analyzing cypherstack/stack_wallet... [04:49:13] [7/81] SKIP nicmasaribeiro/nmcybc-v1 — This is a custom blockchain/wallet project with SQLite database schemas but no committed credentials, private keys, seed phrases, or sensitive data. [04:49:13] [11/81] Analyzing prasangapokharel/phonesium-network... [04:49:17] [9/81] SKIP xilibi2003/learnblockchain — This is a Chinese blockchain technology blog/tutorial repository explaining how to develop an Ethereum Android wallet. It contains educational content about wallet development concepts, not actual wallet code with committed credentials. [04:49:17] [12/81] Analyzing openlegion-ai/openlegion... [04:49:21] [10/81] SKIP cypherstack/stack_wallet — Stack Wallet is a legitimate, well-maintained open-source multicoin cryptocurrency wallet. No accidentally committed credentials, private keys, database files, or hardcoded secrets were found. [04:49:21] [13/81] Analyzing SachinMeier/looper... [04:49:22] [11/81] SKIP prasangapokharel/phonesium-network — This is a custom blockchain project (Phonesium Network) that stores private keys in SQLite by design, but there are no actual committed database files or hardcoded credentials — only the code schema for wallet storage. [04:49:22] [14/81] Analyzing maxgershfield/pangea... [04:49:28] [12/81] SKIP openlegion-ai/openlegion — This is an AI agent framework with a *planned* (not yet implemented) wallet signing service. The matched file is a design document/implementation plan, not committed credentials or sensitive data. [04:49:28] [15/81] Analyzing spipm/crackcoin... [04:49:30] [13/81] SKIP SachinMeier/looper — This is a Rust implementation of a Lightning Loop (submarine swap) server. It does not contain any accidentally committed credentials or sensitive data. [04:49:30] [16/81] Analyzing elizaOS/eliza... [04:49:30] [14/81] SKIP maxgershfield/pangea — This is a RWA tokenization platform (Pangea Markets) that uses OASIS API for wallet management. The mention of SQLite and MongoDB is in API documentation describing OASIS's storage architecture, not accidentally committed credentials. [04:49:30] [17/81] Analyzing alfetahe/java-blockchain... [04:49:37] [15/81] SKIP spipm/crackcoin — This is an educational/tutorial cryptocurrency PoC project that uses SQLite for a toy blockchain-free currency. It does not contain accidentally committed real credentials or sensitive data. [04:49:37] [18/81] Analyzing Tanglius/cardano_matrix... [04:49:38] [17/81] SKIP alfetahe/java-blockchain — This is an educational blockchain implementation in Java that demonstrates Bitcoin concepts like mining, ECDSA signatures, and transactions. It contains no real credentials, no committed databases, and no actual wallet functionality for real crypto funds. [04:49:38] [19/81] Analyzing darkrenaissance/darkfi... [04:49:38] [16/81] SKIP elizaOS/eliza — elizaOS is an open-source multi-agent AI framework. The matched snippet shows environment variable names (like EVM_PRIVATE_KEY) used for configuration, not accidentally committed credentials. [04:49:38] [20/81] Analyzing icopy-site/awesome-cn... [04:49:46] [20/81] SKIP icopy-site/awesome-cn — This is a curated 'awesome list' aggregator that collects links to IPFS-related projects. It has no wallet functionality, no credentials, and no sensitive data. [04:49:46] [21/81] Analyzing ACINQ/eclair... [04:49:47] [18/81] SKIP Tanglius/cardano_matrix — This is the Cardano Developer Portal documentation repository, containing tutorial/guide documentation for cardano-wallet-js SDK usage. It does not contain any accidentally committed credentials or sensitive data. [04:49:47] [22/81] Analyzing CYXWIZ-Lab/CYXWIZ... [04:49:47] [19/81] SKIP darkrenaissance/darkfi — DarkFi is a legitimate Layer 1 blockchain project with a CLI wallet (drk) that uses SQLite to store keys locally. There are no accidentally committed credentials or sensitive data. [04:49:47] [23/81] Analyzing brendadeeznuts1111/justworksbun... [04:49:54] [21/81] SKIP ACINQ/eclair — Eclair is a well-known, professional Lightning Network implementation by ACINQ. It does not contain accidentally committed credentials or sensitive data. [04:49:54] [24/81] Analyzing ZiverLabs/Ziver-Chain... [04:49:57] [22/81] SKIP CYXWIZ-Lab/CYXWIZ — This is a decentralized ML compute platform with Solana blockchain integration for payment escrow. It does not contain accidentally committed credentials or sensitive wallet data. [04:49:57] [25/81] Analyzing sonr-io/sonr... [04:49:59] [23/81] SKIP brendadeeznuts1111/justworksbun — This is a demo/showcase project for Bun runtime capabilities that includes a wallet manager with SQLite schema, but contains no actual committed credentials, private keys, seed phrases, or sensitive data. [04:49:59] [26/81] Analyzing armpit-symphony/WEPO-wallet... [04:50:03] [24/81] SKIP ZiverLabs/Ziver-Chain — This is a blockchain framework/language documentation repository for 'Ziver Chain' and its custom programming language 'Zexus'. It contains no real credentials, private keys, or sensitive data. [04:50:03] [27/81] Analyzing cardano-foundation/jormungandr... [04:50:05] [25/81] SKIP sonr-io/sonr — Sonr is a decentralized identity network/blockchain built on Cosmos SDK. It is not a wallet project with accidentally committed credentials. [04:50:05] [28/81] Analyzing ilan84levi/Birilium... [04:50:09] [26/81] SKIP armpit-symphony/WEPO-wallet — This is a WEPO cryptocurrency/blockchain project building a quantum-resistant wallet system. It does not contain any accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:50:09] [29/81] Analyzing Zaidux/zexus-interpreter... [04:50:11] [27/81] SKIP cardano-foundation/jormungandr — This is Jormungandr, a Cardano blockchain node implementation by the Cardano Foundation/IOHK. It is not a wallet project and contains no accidentally committed credentials. [04:50:11] [30/81] Analyzing 8harath/OVS... [04:50:13] [28/81] SKIP ilan84levi/Birilium — This is a deployment script for a custom blockchain node (Birilium) that properly generates credentials at deploy time and stores them in .env files — no accidentally committed credentials or sensitive data found. [04:50:13] [31/81] Analyzing Numi2/qbtc... [04:50:17] [29/81] SKIP Zaidux/zexus-interpreter — This is a programming language interpreter (Zexus) with built-in blockchain support features. It does not contain any accidentally committed credentials, private keys, or sensitive data. [04:50:17] [32/81] Analyzing q-bitx/Source-... [04:50:18] [30/81] SKIP 8harath/OVS — This is an Online Voting System (not a crypto wallet) with a blockchain integration planning document. No actual credentials, private keys, or sensitive data are committed. [04:50:18] [33/81] Analyzing jdhitsolutions/PSGalleryReport... [04:50:21] [31/81] SKIP Numi2/qbtc — This is a fork of Bitcoin Core modified to use quantum-resistant cryptography (CRYSTALS-Dilithium, BLAKE3). It is a blockchain node implementation, not a project with accidentally committed credentials or sensitive data. [04:50:21] [34/81] Analyzing icopy-site/awesome... [04:50:26] [32/81] SKIP q-bitx/Source- — This is the source code for Q-BitX (QBX), a Bitcoin Core-derived blockchain with post-quantum signatures. It contains no accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:50:26] [35/81] Analyzing xlnfinance/xln... [04:50:26] [33/81] SKIP jdhitsolutions/PSGalleryReport — This is a PowerShell Gallery reporting repository that generates reports about PowerShell modules. It has no relation to crypto wallets, credentials, or sensitive data. [04:50:26] [36/81] Analyzing FairgateLabs/rust-bitvmx-wallet... [04:50:29] [34/81] SKIP icopy-site/awesome — This is a curated collection of awesome lists aggregated from GitHub, specifically showing an IPFS awesome list. It has no relation to crypto wallets or accidentally committed credentials. [04:50:29] [37/81] Analyzing cyberia-to/go-cyber... [04:50:36] [36/81] SKIP FairgateLabs/rust-bitvmx-wallet — This is a Rust-based Bitcoin wallet library for the BitVMX ecosystem. It does not contain any accidentally committed credentials, private keys, or sensitive data. [04:50:36] [38/81] Analyzing vesellov/bitdust.devel... [04:50:37] [37/81] SKIP cyberia-to/go-cyber — This is a Cosmos SDK-based blockchain project (knowledge graph/superintelligence prototype), not a crypto wallet project. The SQLite mention is about a planned future indexing plugin, not committed databases with sensitive data. [04:50:37] [39/81] Analyzing mansoor9ali/Rust101... [04:50:42] [35/81] SKIP xlnfinance/xln — XLN is a Layer 2 payment channel network project (similar to Lightning Network for EVM chains). The archived 2019 source code shows wallet/channel logic but contains no accidentally committed credentials, private keys, databases, or sensitive data. [04:50:42] [40/81] Analyzing arkade-os/rust-sdk... [04:50:45] [38/81] SKIP vesellov/bitdust.devel — BitDust is a peer-to-peer distributed backup storage network. The blockchain/wallet code is a generic implementation library (pybc) with no accidentally committed credentials, private keys, or sensitive data. [04:50:45] [41/81] Analyzing comwanga/BitVault... [04:50:46] [39/81] SKIP mansoor9ali/Rust101 — This is a Rust learning tutorial repository covering async programming, CSV processing, Redis operations, and a basic blockchain implementation guide. It contains no wallet project, no real credentials, and no sensitive data. [04:50:46] [42/81] Analyzing alsk1992/CloddsBot... [04:50:52] [40/81] SKIP arkade-os/rust-sdk — This is an Ark protocol SDK for building Bitcoin wallets in Rust. It contains no accidentally committed credentials, private keys, or sensitive data. [04:50:52] [43/81] Analyzing decentralized-identity/did-methods... [04:50:53] [41/81] SKIP comwanga/BitVault — BitVault is an in-development, open-source DLC (Discreet Log Contracts) platform for Bitcoin. It contains no accidentally committed credentials, private keys, or sensitive data. [04:50:53] [44/81] Analyzing Architects-of-Change-Protocol/Architects_of_Change_Protocol... [04:50:56] [42/81] SKIP alsk1992/CloddsBot — This is an AI trading terminal/agent project (Clodds) that uses SQLite for persistence of agent commerce data, but does not contain any accidentally committed credentials, private keys, or sensitive wallet data. [04:50:56] [45/81] Analyzing monicanagent/cypherpoker.js... [04:51:00] [43/81] SKIP decentralized-identity/did-methods — This is a DIF (Decentralized Identity Foundation) working group repository for DID method standardization proposals. It contains no wallet code, no credentials, no databases, and no sensitive data. [04:51:00] [46/81] Analyzing aljazceru/awesome-nostr... [04:51:01] [44/81] SKIP Architects-of-Change-Protocol/Architects_of_Change_Protocol — This is a protocol specification/design document for a sovereign data wallet concept, not a working software project with any code, databases, or credentials. [04:51:01] [47/81] Analyzing defcon-project/defcon... [04:51:05] [45/81] SKIP monicanagent/cypherpoker.js — This is an open-source peer-to-peer poker platform with cryptocurrency integration. While it handles Bitcoin wallets and transactions, the code shown is source code/documentation, not accidentally committed credentials or sensitive data. [04:51:05] [48/81] Analyzing GrokkingGrok/robotorq-reserve-system... [04:51:08] [46/81] SKIP aljazceru/awesome-nostr — This is an awesome-list curating Nostr protocol projects and resources. It is not a wallet project and contains no committed credentials or sensitive data. [04:51:08] [49/81] Analyzing EspressoSystems/espresso-network... [04:51:11] [47/81] SKIP defcon-project/defcon — This is a Bitcoin/Dash-forked cryptocurrency node (DeFCoN Core) with standard wallet infrastructure code. It contains no accidentally committed credentials or sensitive data. [04:51:11] [50/81] Analyzing bitcoinops/bitcoinops.github.io... [04:51:15] [48/81] SKIP GrokkingGrok/robotorq-reserve-system — This is a design/planning document for a theoretical decentralized monetary system called RoboTorq. It contains no actual code, no committed databases, no credentials, and no real wallet implementation. [04:51:15] [51/81] Analyzing xing-hu/TL-CodeSum... [04:51:16] [49/81] SKIP EspressoSystems/espresso-network — This is the Espresso Network sequencer infrastructure project, not a crypto wallet project. The matched code is a test helper generating deterministic key pairs from a seed for testing purposes. [04:51:16] [52/81] Analyzing revault/revaultd... [04:51:18] [50/81] SKIP bitcoinops/bitcoinops.github.io — This is the Bitcoin Optech website repository, which publishes educational newsletters and podcasts about Bitcoin technology. It contains no wallet software, credentials, or sensitive data. [04:51:18] [53/81] Analyzing NeoV55/SuiSend... [04:51:23] [51/81] SKIP xing-hu/TL-CodeSum — This is a code summarization research project (TL-CodeSum) that uses seq2seq models for generating natural language summaries of code. The vocabulary file contains common English words and programming terms, not any credentials or wallet-related code. [04:51:23] [54/81] Analyzing neurons-me/.me... [04:51:23] [52/81] SKIP revault/revaultd — This is the Revault Bitcoin vault architecture daemon - a legitimate open-source multi-party Bitcoin custody solution with no accidentally committed credentials or sensitive data. [04:51:23] [55/81] Analyzing alingse/go-linter-runner... [04:51:24] [53/81] SKIP NeoV55/SuiSend — This is a design/concept repository for an NFC crypto wallet on Sui blockchain. It contains no actual source code, no committed databases, and no accidentally leaked credentials. [04:51:24] [56/81] Analyzing blockchaingate/fab-wallet-app-sc... [04:51:32] [55/81] SKIP alingse/go-linter-runner — This is a GitHub Action tool for running Go linters across multiple public repositories. It has nothing to do with crypto wallets or accidentally committed credentials. [04:51:32] [57/81] Analyzing one-covenant/basilica... [04:51:32] [54/81] SKIP neurons-me/.me — .me is a theoretical semantic identity protocol/language project, not a crypto wallet handling real funds. The mentions of 'wallet' and 'SQLite' are part of an abstract whitepaper describing a conceptual identity system. [04:51:32] [58/81] Analyzing myrual/pixinwallet... [04:51:36] [56/81] SKIP blockchaingate/fab-wallet-app-sc — This is a FAB cryptocurrency mobile wallet app that uses SQLite to store UTXOs, transaction history, and address data, but the repository does not contain accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:51:36] [59/81] Analyzing BitDevsNYC/BitDevsNYC.github.io... [04:51:41] [57/81] SKIP one-covenant/basilica — This is a decentralized GPU compute network (Basilica) on Bittensor, not a crypto wallet project. It does not handle private keys for crypto funds, seed phrases, or wallet data. [04:51:41] [60/81] Analyzing cardano2vn/cardanovn-portal... [04:51:42] [58/81] SKIP myrual/pixinwallet — This is a Bitcoin/altcoin wallet built with PyQt on Mixin Network, but it does not contain any accidentally committed credentials, private keys, database files with sensitive data, or hardcoded API keys. [04:51:42] [61/81] Analyzing devdasx/satryn... [04:51:43] [59/81] SKIP BitDevsNYC/BitDevsNYC.github.io — This is the BitDevs NYC meetup website, a Jekyll-based blog that curates links to Bitcoin development news, research, and releases for their Socratic Seminar meetups. [04:51:43] [62/81] Analyzing bmwiedemann/openSUSE... [04:51:49] [60/81] SKIP cardano2vn/cardanovn-portal — This is a Vietnamese documentation portal for Cardano developers, built with Docusaurus. It contains translated tutorials and guides, not any real credentials or wallet data. [04:51:49] [63/81] Analyzing comit-network/waves... [04:51:50] [61/81] SKIP devdasx/satryn — Satryn is a legitimate open-source self-custody Bitcoin wallet built with React Native/Expo. The repository contains wallet source code but no accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:51:50] [64/81] Analyzing Fractal-WG/fractal... [04:51:50] [62/81] SKIP bmwiedemann/openSUSE — This is a read-only mirror of openSUSE Linux distribution package sources from build.opensuse.org, not a crypto wallet project. [04:51:50] [65/81] Analyzing sepivip/SeekerClaw... [04:51:59] [65/81] SKIP sepivip/SeekerClaw — SeekerClaw is an Android AI agent app for Solana that runs via Telegram, with Solana wallet integration. The repository contains architecture documentation and research notes but no accidentally committed credentials or sensitive data. [04:51:59] [66/81] Analyzing kkyon/Simple-IT-English... [04:51:59] [63/81] SKIP comit-network/waves — This is a DeFi project on Liquid (Bitcoin sidechain) that uses SQLite for ephemeral test databases, not for storing real private keys or credentials. [04:51:59] [67/81] Analyzing Velnbur/bitcoin-faucet... [04:52:00] [64/81] SKIP Fractal-WG/fractal — This is the Dogecoin Fractal Engine for Real World Assets (RWAs) tokenization on the Dogecoin blockchain. It contains no accidentally committed credentials or sensitive data. [04:52:00] [68/81] Analyzing AlbusSec/Penetration-List... [04:52:06] [67/81] SKIP Velnbur/bitcoin-faucet — This is a local Bitcoin development faucet tool that generates keys at runtime for local testing — no real credentials are committed. [04:52:06] [69/81] Analyzing Reinasboo/Agentic-wallet... [04:52:07] [68/81] SKIP AlbusSec/Penetration-List — This is a penetration testing wordlist/payload repository containing API endpoint fuzzing lists, not a crypto wallet project with accidentally committed credentials. [04:52:07] [70/81] Analyzing dilithion/dilithion... [04:52:09] [66/81] SKIP kkyon/Simple-IT-English — This is an English vocabulary/wordbook project for IT professionals, not a crypto wallet project. The word 'wallet' appears only as a word frequency count in a CSV of common IT terms. [04:52:09] [71/81] Analyzing milady-ai/milady... [04:52:15] [70/81] SKIP dilithion/dilithion — This is a quantum-resistant cryptocurrency project (Dilithion) with technical specification documents. It contains no accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:52:15] [72/81] Analyzing gist-rs/reev... [04:52:17] [69/81] SKIP Reinasboo/Agentic-wallet — This is a well-architected autonomous AI agent wallet framework for Solana with proper security design (AES-256-GCM encryption, key isolation). No accidentally committed credentials or sensitive data were found. [04:52:17] [73/81] Analyzing nirholas/universal-crypto-mcp... [04:52:19] [71/81] SKIP milady-ai/milady — This is an AI assistant framework (fork/rebrand of elizaOS) with a plugin configuration file that defines environment variable schemas for various integrations. No actual credentials are committed. [04:52:19] [74/81] Analyzing gustavovalverde/zentity... [04:52:26] [72/81] Analysis failed: TypeError: fetch failed [04:52:26] [75/81] Analyzing berkayoztunc/orquestra... [04:52:34] [75/81] SKIP berkayoztunc/orquestra — This is a developer tool that converts Solana Anchor IDLs into REST APIs. It is not a crypto wallet project and contains no committed credentials or sensitive data. [04:52:34] [76/81] Analyzing bc1plainview/buidl-opnet-plugin... [04:52:36] [74/81] SKIP gustavovalverde/zentity — Zentity is a privacy-preserving identity verification platform using ZK proofs and FHE, not a crypto wallet project handling funds. [04:52:36] [77/81] Analyzing unicitynetwork/webwallet... [04:52:37] [73/81] SKIP nirholas/universal-crypto-mcp — This is a Universal Crypto MCP server project with a memecoin trading bot component. It describes using SQLite databases and wallet private keys, but the matched content is only documentation/implementation plans — no actual committed credentials or sensitive data were found. [04:52:37] [78/81] Analyzing xmtp/libxmtp... [04:52:43] [76/81] SKIP bc1plainview/buidl-opnet-plugin — This is a Claude Code plugin for building OPNet Bitcoin L1 dApps via multi-agent orchestration. It contains no committed credentials, private keys, or sensitive data. [04:52:43] [79/81] Analyzing Ghostspeak/GhostSpeak... [04:52:44] [77/81] SKIP unicitynetwork/webwallet — This is a legitimate browser-based cryptocurrency wallet project with proper security practices (client-side encryption, PBKDF2, etc.). No accidentally committed credentials, private keys, seed phrases, or sensitive data were found. [04:52:44] [80/81] Analyzing Jeffreyxdev/zola-ai... [04:52:44] [78/81] SKIP xmtp/libxmtp — LibXMTP is a messaging protocol library (not a crypto wallet) that mentions SQLite encryption for message storage. It contains no accidentally committed credentials or sensitive data. [04:52:44] [81/81] Analyzing ResonantOS/resonantos-alpha... [04:52:53] [79/81] SKIP Ghostspeak/GhostSpeak — GhostSpeak is an AI agent commerce protocol on Solana providing trust/reputation infrastructure. It does not contain accidentally committed credentials or sensitive wallet data. [04:52:54] [81/81] SKIP ResonantOS/resonantos-alpha — ResonantOS is an AI orchestration platform with Solana wallet integration, but it does not contain accidentally committed credentials or sensitive data. [04:53:00] [80/81] MAYBE Jeffreyxdev/zola-ai — Solana wallet bot that stores AES-encrypted private keys in SQLite (wallet_store.py) and references a WALLET_PRIVKEY env var fallback. The repo structure suggests sensitive data could be committed, but without seeing the actual database file or hardcoded credentials in the snippets, it's a potential match rather than a confirmed leak. [04:53:00] Searching: "sqlite crypto wallet deposit withdrawal" [04:53:03] Page 1: +100 items, 74 repos total [04:53:09] Found 74 repos (62 new, 12 already seen) [04:53:09] [1/62] Analyzing AndiPrapugicu/finance-ledger-backend... [04:53:09] [2/62] Analyzing dsaslb/your_project... [04:53:09] [3/62] Analyzing Dipec001/investment-website... [04:53:17] [1/62] SKIP AndiPrapugicu/finance-ledger-backend — This is a personal finance ledger/budget tracking backend in Django, not a crypto wallet project. It manages fiat currency balances (USD) and has no private keys, seed phrases, or crypto credentials. [04:53:17] [4/62] Analyzing shaypower/Webstore-Flask... [04:53:20] [3/62] MATCH Dipec001/investment-website — Investment/crypto website with hardcoded PostgreSQL database credentials committed directly in source code, containing user balances, deposits, withdrawals, and wallet addresses. [04:53:20] [5/62] Analyzing 6angel6/BankCrypto... [04:53:21] [2/62] SKIP dsaslb/your_project — This is a multi-tenant management system (Flask-based) with a crypto payment module that is clearly a demo/template project, not a real wallet with accidentally committed credentials. [04:53:21] [6/62] Analyzing commerceblock/mercurylayer... [04:53:26] [4/62] SKIP shaypower/Webstore-Flask — This is a Flask webstore/hosting service PoC, not a crypto wallet project. It uses a payment API (NowPayments) for deposits but does not store private keys, seed phrases, or wallet data. [04:53:26] [7/62] Analyzing btcpayserver/btcpayserver... [04:53:29] [6/62] SKIP commerceblock/mercurylayer — Mercury Layer is a Bitcoin Layer 2 statechain protocol. The code uses SQLite for wallet storage but contains no accidentally committed credentials, private keys, seed phrases, or hardcoded secrets. [04:53:29] [8/62] Analyzing somberwraith/GF... [04:53:30] [5/62] SKIP 6angel6/BankCrypto — This is a student/tutorial crypto bank backend project that uses SQLite with SQLAlchemy but does not store any real private keys, seed phrases, or actual crypto wallet credentials. The 'wallet' is just a database balance tracker. [04:53:30] [9/62] Analyzing TheKingOfDuck/fuzzDicts... [04:53:33] [7/62] SKIP btcpayserver/btcpayserver — BTCPay Server is a well-known open-source Bitcoin payment processor. The search matches are only from changelog entries mentioning SQLite deprecation and wallet features — no leaked credentials or sensitive data. [04:53:33] [10/62] Analyzing brndnmtthws/optimal-buy-cbpro... [04:53:38] [9/62] SKIP TheKingOfDuck/fuzzDicts — This is a web penetration testing fuzzing dictionary repository containing wordlists for parameters, passwords, directories, etc. It has no relation to crypto wallets or accidentally committed credentials. [04:53:38] [11/62] Analyzing jeremylongshore/claude-code-plugins-plus-skills... [04:53:42] [10/62] SKIP brndnmtthws/optimal-buy-cbpro — This is a Coinbase Pro automated buying tool that uses SQLite for tracking orders/withdrawals and takes API keys as command-line parameters — no accidentally committed credentials or sensitive data found. [04:53:42] [12/62] Analyzing Skytffxx/Aurora... [04:53:42] [8/62] MAYBE somberwraith/GF — Discord bot project that generates real Bitcoin/Ethereum wallets, stores encrypted private keys in a SQLite database (crypto_wallets.db), and saves the encryption key to a local file (.wallet_encryption_key) — both of which could be accidentally committed. [04:53:42] [13/62] Analyzing elastos/Elastos.Essentials.App... [04:53:50] [13/62] SKIP elastos/Elastos.Essentials.App — This is the Elastos Essentials wallet application, a legitimate open-source crypto wallet. The search matches are only translation/localization strings, not any committed credentials or sensitive data. [04:53:50] [14/62] Analyzing obapluto-ob/skillstakegamers... [04:53:51] [12/62] SKIP Skytffxx/Aurora — This is a Discord economy bot with a virtual in-game currency system (coins), not a cryptocurrency wallet project. It does not handle real crypto funds, private keys, or seed phrases. [04:53:51] [15/62] Analyzing lnbits/lnbits... [04:53:52] [11/62] SKIP jeremylongshore/claude-code-plugins-plus-skills — This is a Claude Code plugins/skills marketplace repository containing template code for a crypto tax calculator plugin — not a wallet project with accidentally committed credentials. [04:53:52] [16/62] Analyzing aitjcize/alec... [04:53:58] [15/62] SKIP lnbits/lnbits — LNbits is a well-known open-source Lightning Network wallet and accounts system. The repository does not contain accidentally committed credentials, private keys, or sensitive data. [04:53:58] [17/62] Analyzing Nworah-Gabriel/BlockAsseti... [04:53:59] [14/62] SKIP obapluto-ob/skillstakegamers — This is a gaming/esports betting platform (GAMERSHUB) with an in-app wallet for deposits/withdrawals via M-Pesa, PayPal, and crypto — not a crypto wallet project handling private keys or seed phrases. [04:53:59] [18/62] Analyzing simonmichael/hledger... [04:54:01] [16/62] SKIP aitjcize/alec — This is a trading bot that tracks wallet balances and transaction history on Bitfinex exchange. It does not contain any accidentally committed credentials or sensitive data. [04:54:01] [19/62] Analyzing evilc0deooo/PentesterSpecialDict... [04:54:06] [17/62] SKIP Nworah-Gabriel/BlockAsseti — This is a real estate investment web application (Django), not a crypto wallet project. It does not handle private keys, seed phrases, or actual crypto fund management. [04:54:06] [20/62] Analyzing unmasSk/Acolytes... [04:54:06] [18/62] SKIP simonmichael/hledger — hledger is a plain text accounting tool for personal finance tracking — it is not a crypto wallet project and contains no committed credentials or sensitive data. [04:54:06] [21/62] Analyzing nervosnetwork/neuron... [04:54:08] [19/62] SKIP evilc0deooo/PentesterSpecialDict — This is a penetration testing fuzzing dictionary/wordlist collection repository, not a crypto wallet project. [04:54:08] [22/62] Analyzing 7hang/Fuzz_dic... [04:54:14] [21/62] SKIP nervosnetwork/neuron — Neuron is the official Nervos CKB desktop wallet, a well-maintained open-source project by the Nervos Network team. It does not contain accidentally committed credentials or sensitive data. [04:54:14] [23/62] Analyzing bavix/laravel-wallet... [04:54:15] [22/62] SKIP 7hang/Fuzz_dic — This is a fuzzing/pentesting dictionary (wordlist) repository containing common URL paths and parameters, not a crypto wallet project. [04:54:15] [24/62] Analyzing SwashO7/crypto-backend... [04:54:16] [20/62] SKIP unmasSk/Acolytes — This is a multi-agent AI orchestration system for Claude Code with 60+ specialized agents. It is not a crypto wallet project and contains no real credentials or sensitive data. [04:54:16] [25/62] Analyzing jonathanvineet/x_scrapper... [04:54:21] [23/62] SKIP bavix/laravel-wallet — This is a Laravel PHP package for managing virtual wallets (in-app currency/credits), not a cryptocurrency wallet handling real crypto funds or private keys. [04:54:21] [26/62] Analyzing rotki/rotki... [04:54:25] [25/62] SKIP jonathanvineet/x_scrapper — This is a Twitter/X scraper tool for collecting tweets about crypto and other topics. It is not a crypto wallet project and contains no credentials or sensitive data. [04:54:25] [27/62] Analyzing parsaoryani/zk-proof... [04:54:26] [24/62] MAYBE SwashO7/crypto-backend — Crypto wallet portfolio tracker with a hardcoded CoinMarketCap API key committed directly in the source code as a fallback default value. [04:54:26] [28/62] Analyzing kpachhai/pathsport-app... [04:54:32] [26/62] SKIP rotki/rotki — Rotki is an open-source portfolio tracking and analytics application. The matched snippets are purely UI localization strings (i18n JSON files) that mention 'wallet' and 'SQLite' in generic UI context. [04:54:32] [29/62] Analyzing webcredits/webcredits... [04:54:33] [28/62] SKIP kpachhai/pathsport-app — This is a mobile wallet app (Elastos-based) with translation/localization files. No credentials, private keys, databases, or sensitive data are committed. [04:54:33] [30/62] Analyzing spmedia/PhishingSecLists... [04:54:34] [27/62] SKIP parsaoryani/zk-proof — This is an academic/research project implementing a zero-knowledge proof cryptocurrency mixer protocol. It contains no accidentally committed credentials, private keys, or sensitive data. [04:54:34] [31/62] Analyzing stellar/stellar-docs... [04:54:45] [30/62] SKIP spmedia/PhishingSecLists — This is a wordlist/dictionary repository for scanning phishing websites, not a crypto wallet project with accidentally committed credentials. [04:54:45] [32/62] Analyzing AschPlatform/asch-docs... [04:54:46] [31/62] SKIP stellar/stellar-docs — This is the official Stellar network documentation repository, containing configuration guides and tutorials with placeholder values — not accidentally committed credentials. [04:54:46] [33/62] Analyzing insightglacier/Dictionary-Of-Pentesting... [04:54:48] [29/62] SKIP webcredits/webcredits — This is a decentralized ledger/points scoring system called 'webcredits' — not a crypto wallet handling real funds, private keys, or seed phrases. No accidentally committed credentials were found. [04:54:48] [34/62] Analyzing borispovod/whitepaper... [04:54:52] [32/62] SKIP AschPlatform/asch-docs — This is a documentation repository for the Asch blockchain platform, containing whitepapers and developer guides. It does not contain any committed credentials, private keys, or sensitive data. [04:54:52] [35/62] Analyzing LucasHonoratoDeSouza/Linvesther... [04:54:54] [33/62] SKIP insightglacier/Dictionary-Of-Pentesting — This is a pentesting dictionary/wordlist collection repository used for brute-forcing, fuzzing, and bug bounty hunting. It has no relation to crypto wallets or accidentally committed credentials. [04:54:54] [36/62] Analyzing tezos/tezos-mirror... [04:54:54] [34/62] SKIP borispovod/whitepaper — This is a whitepaper document for the Crypti cryptocurrency platform. It contains no code, no credentials, and no committed sensitive data. [04:54:54] [37/62] Analyzing kanzure/diyhpluswiki... [04:55:01] [35/62] SKIP LucasHonoratoDeSouza/Linvesther — This is an investment portfolio tracking and reputation platform (Linvesther), not a crypto wallet that handles real private keys or funds. It tracks declared capital and portfolio performance metrics. [04:55:01] [38/62] Analyzing Cryptorating/whitepapers... [04:55:03] [37/62] SKIP kanzure/diyhpluswiki — This is a do-it-yourself biohacking/transhumanism wiki that includes extensive Bitcoin technical notes about scalability proposals. It contains no wallet software, no credentials, and no sensitive data. [04:55:03] [39/62] Analyzing Zilliqa/zq2... [04:55:03] [36/62] SKIP tezos/tezos-mirror — This is the official Tezos/Octez blockchain node software mirror - a large infrastructure project, not a wallet project with accidentally committed credentials. [04:55:03] [40/62] Analyzing coinbase-samples/prime-send-receive-go... [04:55:08] [38/62] SKIP Cryptorating/whitepapers — This is a collection of cryptocurrency whitepapers (academic/technical documents). It contains no code, no credentials, no databases, and no wallet implementations. [04:55:08] [41/62] Analyzing caelum0x/hyperliqbot... [04:55:12] [39/62] SKIP Zilliqa/zq2 — This is the Zilliqa 2.0 blockchain node implementation — a Layer 1 blockchain infrastructure project, not a wallet project with accidentally committed credentials. [04:55:12] [42/62] Analyzing schandar/Cryptocurrency-backtester... [04:55:13] [40/62] SKIP coinbase-samples/prime-send-receive-go — This is a Coinbase Prime sample application for deposit/withdrawal management using SQLite as a subledger. It uses proper environment variable configuration for API credentials with no accidentally committed secrets. [04:55:13] [43/62] Analyzing metaperl/surgetrader... [04:55:21] [42/62] SKIP schandar/Cryptocurrency-backtester — This is a CS122 class project for cryptocurrency backtesting/trading strategy analysis, not a wallet project. The SQLite mentions are from included cryptocurrency whitepapers (Lisk, Asch), not from actual code or databases. [04:55:21] [44/62] Analyzing ten-protocol/go-ten... [04:55:21] [41/62] MAYBE caelum0x/hyperliqbot — A Hyperliquid trading Telegram bot that stores encrypted agent wallet private keys in a SQLite database (agent_wallets.db), with a weak default encryption key fallback and the encryption key potentially exposed. [04:55:21] [45/62] Analyzing simonmichael/hledger_site... [04:55:22] [43/62] SKIP metaperl/surgetrader — This is a cryptocurrency trading bot, not a wallet project. The SQLite database stores trade records (buy/sell orders, market pairs, quantities) rather than private keys, seed phrases, or wallet credentials. [04:55:22] [46/62] Analyzing LedgerHQ/ledger-live... [04:55:29] [46/62] SKIP LedgerHQ/ledger-live — This is the official Ledger Live mono-repository by Ledger, a hardware wallet company. It contains no accidentally committed credentials or sensitive data. [04:55:29] [47/62] Analyzing k-128/cxwrap... [04:55:30] [44/62] SKIP ten-protocol/go-ten — This is the official Go implementation of the TEN Protocol, an encrypted EVM Ethereum Layer 2 network. It is not a crypto wallet project and contains no accidentally committed credentials. [04:55:30] [48/62] Analyzing LedgerProject/Anastasis... [04:55:30] [45/62] SKIP simonmichael/hledger_site — This is the hledger website repository — a plain text accounting tool documentation site. It has no relation to crypto wallets or leaked credentials. [04:55:30] [49/62] Analyzing xaur/decred-news... [04:55:37] [49/62] SKIP xaur/decred-news — This is the Decred Journal, a monthly newsletter/blog about the Decred cryptocurrency project's development and community activities. It contains no credentials, private keys, or sensitive data. [04:55:37] [50/62] Analyzing xmtp/docs-xmtp-org... [04:55:39] [48/62] SKIP LedgerProject/Anastasis — GNU Anastasis is a password-less key recovery system using multi-factor authentication. It does not contain any accidentally committed credentials or sensitive data. [04:55:39] [51/62] Analyzing AviSoori1x/sqlgym... [04:55:39] [47/62] SKIP k-128/cxwrap — This is a Python wrapper library for cryptocurrency exchange APIs (Binance, BitMEX, CoinMarketCap, etc.), not a wallet project that stores private keys or handles crypto funds directly. [04:55:39] [52/62] Analyzing 0xNgoo/Catalyze... [04:55:46] [51/62] SKIP AviSoori1x/sqlgym — This is a text-to-SQL benchmark/corpus project that generates synthetic SQLite schemas across various domains, including a crypto exchange custody subdomain. It contains no real credentials, private keys, or sensitive data. [04:55:46] [53/62] Analyzing xlang-ai/Spider2... [04:55:46] [50/62] SKIP xmtp/docs-xmtp-org — This is the documentation repository for XMTP (Extensible Message Transport Protocol), a messaging protocol. It is not a crypto wallet project and contains no accidentally committed credentials. [04:55:46] [54/62] Analyzing mmrzaf/ledgerone... [04:55:46] [52/62] SKIP 0xNgoo/Catalyze — This is a work-in-progress requirements document and project scaffold for a micro-investment platform. It contains no actual code, no committed credentials, and no sensitive data. [04:55:46] [55/62] Analyzing nii236/armory... [04:55:55] [55/62] SKIP nii236/armory — This is a game wallet accounting system that uses SQLite and stores encrypted private keys, but there are no actual committed credentials, databases with data, or leaked secrets in the repository. [04:55:55] [56/62] Analyzing Scottcjn/bottube... [04:55:55] [53/62] SKIP xlang-ai/Spider2 — This is an academic benchmark (Spider 2.0) for evaluating language models on text-to-SQL tasks. It contains no wallet software, no private keys, and no accidentally committed credentials. [04:55:55] [57/62] Analyzing Backlinko-LLC/2020-google-searches... [04:55:56] [54/62] SKIP mmrzaf/ledgerone — LedgerOne is a planned personal finance and crypto tracking app (Flutter) that is still in the blueprint/design phase with no actual code, database files, or credentials committed. [04:55:56] [58/62] Analyzing jahidtoon/Quatex... [04:56:04] [58/62] SKIP jahidtoon/Quatex — This is a P2P trading platform implementation plan document (in Bangla) for a Next.js project called Quatex. It contains no accidentally committed credentials, private keys, or sensitive data. [04:56:04] [59/62] Analyzing githubmaidou/tools... [04:56:05] [57/62] SKIP Backlinko-LLC/2020-google-searches — This repository contains a dataset of 306 million Google search keywords analyzed by Backlinko for SEO research purposes. It has no relation to crypto wallets or sensitive credentials. [04:56:05] [60/62] Analyzing b-open-io/bsv21-overlay... [04:56:05] [56/62] SKIP Scottcjn/bottube — This is an AI video platform (BoTTube) with Banano cryptocurrency tipping integration, not a crypto wallet project. It uses environment variables for sensitive data like BANANO_SEED. [04:56:05] [61/62] Analyzing kysera-dev/kysera... [04:56:12] [61/62] SKIP kysera-dev/kysera — Kysera is a type-safe data access toolkit for TypeScript built on Kysely. It is a generic database ORM/repository library, not a crypto wallet project. [04:56:12] [62/62] Analyzing GaloisField2718/tldr_news... [04:56:12] [59/62] SKIP githubmaidou/tools — This is a penetration testing toolkit collection written in Python, not a crypto wallet project. The matched terms 'wallet' and 'SQLite' appear in a directory brute-force wordlist dictionary file. [04:56:14] [60/62] SKIP b-open-io/bsv21-overlay — This is a BSV21 token overlay/indexing service for tracking blockchain token transactions. It explicitly states 'No wallet functionality or private key management' in its non-goals. [04:56:19] [62/62] SKIP GaloisField2718/tldr_news — This is a newsletter archive repository that saves TLDR InfoSec newsletter emails in Markdown format. It does not contain any wallet code, credentials, or sensitive data. [04:56:19] Searching: "sequelize sqlite wallet private key" [04:56:23] Page 1: +100 items, 92 repos total [04:56:29] Found 92 repos (81 new, 11 already seen) [04:56:29] [1/81] Analyzing simple-icons/simple-icons... [04:56:29] [2/81] Analyzing maurosoria/dirsearch... [04:56:29] [3/81] Analyzing uptonking/note4yaoo... [04:56:38] [2/81] SKIP maurosoria/dirsearch — This is dirsearch, a web path brute-forcing/scanning tool. The matched file (db/dicc.txt) is a wordlist dictionary containing common paths to scan for on web servers, not actual credentials or wallet data. [04:56:38] [4/81] Analyzing bonfy/github-trending... [04:56:38] [3/81] SKIP uptonking/note4yaoo — This is a personal notes/wiki repository containing daily development notes and curated lists of libraries and frameworks. It has no wallet functionality, no credentials, and no sensitive data. [04:56:38] [5/81] Analyzing kaxap/arl... [04:56:38] [1/81] SKIP simple-icons/simple-icons — This is the Simple Icons repository - a collection of SVG icons for popular brands. It has no relation to crypto wallets, credentials, or sensitive data. [04:56:38] [6/81] Analyzing krisrice/oracle-db-skills... [04:56:45] [5/81] SKIP kaxap/arl — This repository is a curated list of popular GitHub repositories sorted by stars for various programming languages. It has no relation to crypto wallets or credentials. [04:56:45] [7/81] Analyzing SimonSchubert/LinuxCommandLibrary... [04:56:45] [4/81] SKIP bonfy/github-trending — This repository is a daily tracker of GitHub trending repositories, simply listing popular repos in markdown files. It has no relation to crypto wallets or leaked credentials. [04:56:45] [8/81] Analyzing larsbijl/trending_archive... [04:56:46] [6/81] SKIP krisrice/oracle-db-skills — This is a curated library of 100+ Oracle Database documentation/guide files organized by topic. It has nothing to do with crypto wallets or accidentally committed credentials. [04:56:46] [9/81] Analyzing aw-junaid/Hacking-Tools... [04:56:52] [8/81] SKIP larsbijl/trending_archive — This is an archive of GitHub daily trending repositories — it simply stores lists of trending repos as markdown files. It has no relation to crypto wallets or leaked credentials. [04:56:52] [10/81] Analyzing Otr437/Pure-madness-... [04:56:53] [7/81] SKIP SimonSchubert/LinuxCommandLibrary — This is a Linux command reference/documentation app containing man pages and command descriptions. It has no relation to crypto wallets or credential storage. [04:56:53] [11/81] Analyzing zero-0x01/gitfuzzer... [04:56:53] [9/81] SKIP aw-junaid/Hacking-Tools — This is a collection of ethical hacking tools and payloads for penetration testing, not a crypto wallet project with accidentally committed credentials. [04:56:53] [12/81] Analyzing uhub/awesome-javascript... [04:57:00] [12/81] SKIP uhub/awesome-javascript — This is a curated list of awesome JavaScript frameworks, libraries, and software — essentially a link aggregation README with no actual code, credentials, or wallet projects. [04:57:00] [13/81] Analyzing SexyBeast233/SecDictionary... [04:57:01] [11/81] SKIP zero-0x01/gitfuzzer — GitFuzzer is a GitHub repository discovery and security scanning tool that searches for secrets in other repos — it is NOT a crypto wallet project with accidentally committed credentials. [04:57:01] [14/81] Analyzing LNSwap/lnstxbridge... [04:57:03] [10/81] SKIP Otr437/Pure-madness- — This is a wallet server source code file but contains no accidentally committed credentials, private keys, seed phrases, or sensitive data. All secrets use proper environment variables via process.env. [04:57:03] [15/81] Analyzing smirk-dev/BharatChain... [04:57:08] [13/81] SKIP SexyBeast233/SecDictionary — This is a security/penetration testing dictionary/wordlist repository for fuzzing and file leak detection, not a crypto wallet project. [04:57:08] [16/81] Analyzing juice-shop/pwning-juice-shop... [04:57:08] [14/81] SKIP LNSwap/lnstxbridge — This is a Lightning Network / Stacks bridge swap service that uses SQLite for storing swap state, but there are no accidentally committed credentials, private keys, or sensitive data visible. [04:57:08] [17/81] Analyzing RapidDNS/Afuzz... [04:57:11] [15/81] SKIP smirk-dev/BharatChain — BharatChain is a government services/digital governance platform using blockchain for identity and document verification — not a crypto wallet project handling real funds. [04:57:11] [18/81] Analyzing asaotomo/SearchMap... [04:57:16] [16/81] SKIP juice-shop/pwning-juice-shop — This is the companion guide/ebook for OWASP Juice Shop, a deliberately vulnerable web application used for security training. It is not a crypto wallet project and contains no real credentials. [04:57:16] [19/81] Analyzing aoacc/arfleet-js... [04:57:17] [17/81] SKIP RapidDNS/Afuzz — This is a web path fuzzing tool for bug bounty hunting that contains a dictionary of common web paths to test. It has nothing to do with crypto wallets or committed credentials. [04:57:17] [20/81] Analyzing donnemartin/viz... [04:57:18] [18/81] SKIP asaotomo/SearchMap — This is a penetration testing reconnaissance tool (domain resolution, port scanning, directory fuzzing, etc.) — not a crypto wallet project. [04:57:18] [21/81] Analyzing BoltzExchange/boltz-backend... [04:57:23] [19/81] SKIP aoacc/arfleet-js — ArFleet is a decentralized storage protocol built on Arweave+ao for time-limited data storage from permissionless peers. It is not a crypto wallet project handling funds. [04:57:23] [22/81] Analyzing 0140454/hackbar... [04:57:25] [20/81] SKIP donnemartin/viz — This repository visualizes GitHub's most popular repos using ranking data. It has no relation to crypto wallets, credentials, or sensitive data. [04:57:25] [23/81] Analyzing ghsec/webHunt... [04:57:26] [21/81] SKIP BoltzExchange/boltz-backend — Boltz Backend is a non-custodial Bitcoin swap service backend. It does not contain accidentally committed credentials, private keys, or sensitive data. [04:57:26] [24/81] Analyzing decal/werdlists... [04:57:31] [22/81] SKIP 0140454/hackbar — This is a browser extension for penetration testing (HackBar) that includes a wordlist of common file paths for directory brute-forcing. It is not a crypto wallet project. [04:57:31] [25/81] Analyzing dshanske/syndication-links... [04:57:33] [23/81] SKIP ghsec/webHunt — This is a bug bounty hunting tool containing wordlists of sensitive file paths for web application testing. It has nothing to do with crypto wallets or accidentally committed credentials. [04:57:33] [26/81] Analyzing dailydotdev/daily-api... [04:57:33] [24/81] SKIP decal/werdlists — This is a wordlists/dictionaries collection for security testing, not a crypto wallet project. The match was on the word 'sqlite' appearing in a list of Freenode IRC channel sizes. [04:57:33] [27/81] Analyzing daifukunem/nem-tip-bot... [04:57:38] [25/81] SKIP dshanske/syndication-links — This is a WordPress plugin for displaying syndication links (cross-posting indicators) on blog posts. It has no relation to crypto wallets or credentials. [04:57:38] [28/81] Analyzing ResistanceIsUseless/dotfiles... [04:57:39] [26/81] SKIP dailydotdev/daily-api — This is the daily.dev API backend — a developer news aggregation platform. It has no relation to crypto wallets or credential management. [04:57:39] [29/81] Analyzing Gojo-Sense/ChainWallet... [04:57:43] [27/81] SKIP daifukunem/nem-tip-bot — This is a NEM cryptocurrency tip bot for Reddit that uses SQLite and wallet functionality, but all sensitive credentials (wallet password, Reddit API keys, database path) are properly loaded from environment variables via dotenv. [04:57:43] [30/81] Analyzing DenisPodgurskii/pentestkit... [04:57:48] [29/81] SKIP Gojo-Sense/ChainWallet — This is a student end-of-studies project (PFE) for a Flutter crypto wallet app called Aether Wallet. It contains no committed credentials, private keys, databases, or sensitive data. [04:57:48] [31/81] Analyzing psliwka/vim-dirtytalk... [04:57:48] [28/81] SKIP ResistanceIsUseless/dotfiles — This is a dotfiles repository containing a fuzzing/wordlist file used for web directory enumeration, not a crypto wallet project. [04:57:48] [32/81] Analyzing OriginTrail/edge-node-installer... [04:57:51] [30/81] SKIP DenisPodgurskii/pentestkit — This is OWASP Penetration Testing Kit, a browser extension for application security testing. The matched file is a wordlist of common paths used for directory brute-forcing during penetration tests. [04:57:51] [33/81] Analyzing KTH-LangSec/silent-spring... [04:57:55] [31/81] SKIP psliwka/vim-dirtytalk — This is a Vim spellcheck dictionary plugin for programmers. It has no relation to crypto wallets, credentials, or sensitive data. [04:57:55] [34/81] Analyzing caliwyr/Software... [04:57:57] [32/81] SKIP OriginTrail/edge-node-installer — This is an OriginTrail DKG Edge Node installer that uses environment variables for wallet configuration — no accidentally committed credentials or sensitive data found. [04:57:57] [35/81] Analyzing cristianstaicu/SecBench.js... [04:57:59] [33/81] SKIP KTH-LangSec/silent-spring — This is an academic security research project about prototype pollution vulnerabilities in Node.js, not a crypto wallet project. [04:57:59] [36/81] Analyzing razhzq/ci-backend-test... [04:58:04] [34/81] SKIP caliwyr/Software — This is a collection of hacking/pentesting tools and wordlists (Google Dorks, dirsearch paths), not a crypto wallet project. The match on 'wallet' and 'sqlite' was from a dirsearch wordlist file containing common directory/file paths. [04:58:04] [37/81] Analyzing mattncott/burger-bot... [04:58:07] [35/81] SKIP cristianstaicu/SecBench.js — This is a JavaScript security vulnerability benchmark suite (SecBench.js) cataloging 600 publicly reported npm package vulnerabilities, not a wallet project with leaked credentials. [04:58:07] [38/81] Analyzing fldraw/fldraw... [04:58:08] [36/81] SKIP razhzq/ci-backend-test — This is a crypto wallet backend that stores encrypted private keys in a PostgreSQL database and uses environment variables for configuration. No actual credentials or sensitive data are committed in the repository. [04:58:08] [39/81] Analyzing gousiosg/pullreqs... [04:58:11] [37/81] SKIP mattncott/burger-bot — This is a Discord 'Burger Bot' game bot that uses 'wallet' as an in-game currency concept (amountInWallet), not a cryptocurrency wallet project. [04:58:11] [40/81] Analyzing Shlok-Bhakta/ResuMate... [04:58:15] [38/81] SKIP fldraw/fldraw — This is a Flutter infinite canvas/diagramming library (tldraw alternative), not a crypto wallet project. The keyword 'wallet' appears only as an SVG icon name in auto-generated asset code. [04:58:15] [41/81] Analyzing ghtorrent/ghtorrent.org... [04:58:17] [39/81] SKIP gousiosg/pullreqs — This is an academic research repository analyzing pull request development models on GitHub. It contains lists of project names for analysis, not any wallet code or credentials. [04:58:17] [42/81] Analyzing TypeStrong/typedoc-auto-docs... [04:58:18] [40/81] SKIP Shlok-Bhakta/ResuMate — This is a resume builder tool (ResuMate) that helps developers tailor resumes to job postings. It has no relation to cryptocurrency wallets or credential storage. [04:58:18] [43/81] Analyzing GainSec/TreeHouse-Wordlists... [04:58:24] [42/81] SKIP TypeStrong/typedoc-auto-docs — This is a TypeDoc documentation generation project that automatically renders docs for the TypeScript ecosystem. It has nothing to do with crypto wallets or credentials. [04:58:24] [44/81] Analyzing Bywalks/DarkAngel... [04:58:25] [43/81] SKIP GainSec/TreeHouse-Wordlists — This is a collection of wordlists for penetration testing and security assessments, not a crypto wallet project. [04:58:25] [45/81] Analyzing MoarTube/MoarTube-Node... [04:58:32] [44/81] SKIP Bywalks/DarkAngel — This is a white hat vulnerability scanner (bug bounty tool) that scans websites for common paths. The 'wallet.dat' and 'wallet.json' references are just entries in a dirsearch scan output, not actual wallet credentials. [04:58:32] [46/81] Analyzing chainreactors/templates... [04:58:33] [45/81] SKIP MoarTube/MoarTube-Node — MoarTube-Node is a decentralized video streaming platform, not a crypto wallet project. It has no relation to storing or managing cryptocurrency private keys or wallet data. [04:58:33] [47/81] Analyzing NikolayKostadinov21/internal-price-oracle-with-wallet-balancer... [04:58:41] [47/81] SKIP NikolayKostadinov21/internal-price-oracle-with-wallet-balancer — This is a wallet balancing service that uses SQLite for operational data, but there's no evidence of accidentally committed credentials, private keys, seed phrases, or sensitive data. [04:58:41] [48/81] Analyzing scumdestroy/warlusts... [04:58:41] [46/81] SKIP chainreactors/templates — This is a security scanning templates repository (chainreactors) containing wordlists for directory/file brute-forcing, not a crypto wallet project. [04:58:41] [49/81] Analyzing JediOfNodeJS/ethereum-auto-withdrawal-wallet... [04:58:47] [48/81] SKIP scumdestroy/warlusts — This is a repository of curated wordlists for security testing/hacking, not a crypto wallet project. [04:58:47] [50/81] Analyzing Ayoubioussoufa/Basic-Crypto-Wallet... [04:58:53] [49/81] MATCH JediOfNodeJS/ethereum-auto-withdrawal-wallet — Ethereum auto-withdrawal wallet that stores private keys, seed phrases, and wallet data in a SQLite database, with a hardcoded private key directly in the source code. [04:58:53] [51/81] Analyzing laluka/pypotomux... [04:58:55] [50/81] SKIP Ayoubioussoufa/Basic-Crypto-Wallet — This is an unfinished basic crypto wallet project with a Sequelize/SQLite schema definition for storing encrypted private keys, but contains no actual committed credentials, database files with data, or hardcoded secrets. [04:58:55] [52/81] Analyzing coleak2021/dirpro... [04:59:02] [52/81] SKIP coleak2021/dirpro — This is a web directory scanner tool (dirpro) with a wordlist containing common file/directory names to scan for. It is not a crypto wallet project. [04:59:02] [53/81] Analyzing ethicalhackingplayground/pathbuster... [04:59:02] [51/81] SKIP laluka/pypotomux — This is a honeypot project containing wordlists of paths/URLs collected from attack traffic, not a crypto wallet project with leaked credentials. [04:59:02] [54/81] Analyzing algoq369/algoQbot... [04:59:10] [53/81] SKIP ethicalhackingplayground/pathbuster — This is a path-normalization pentesting tool (web fuzzer) with a wordlist of common file paths to probe for. It is not a crypto wallet project. [04:59:10] [55/81] Analyzing superXdev/micro-wallet... [04:59:14] [54/81] SKIP algoq369/algoQbot — This is a BSC trading bot that uses SQLite and handles private keys, but the repository does not contain any actually committed credentials or sensitive data - it uses proper .env file patterns for secrets. [04:59:14] [56/81] Analyzing jophab/StackOverflow--Badge-Hunter... [04:59:18] [55/81] SKIP superXdev/micro-wallet — This is a CLI crypto wallet that stores private keys in SQLite, but no actual database files with real credentials are committed to the repository. [04:59:18] [57/81] Analyzing mrbipss/CampNetwork-Auto-Bot... [04:59:22] [56/81] SKIP jophab/StackOverflow--Badge-Hunter — This is a StackOverflow badge-hunting toolkit (Python scripts for flagging, editing, voting on SO questions). It has nothing to do with crypto wallets. [04:59:22] [58/81] Analyzing ehmicky/Notes... [04:59:26] [57/81] MAYBE mrbipss/CampNetwork-Auto-Bot — CampNetwork automation bot that stores private keys in a SQLite database (transactions.db) alongside source code, handling crypto wallet operations including CEX withdrawals and cross-chain swaps. [04:59:26] [59/81] Analyzing sabertazimi/notes... [04:59:29] [58/81] SKIP ehmicky/Notes — This is a personal knowledge base / notes repository about various technologies. It contains no wallet code, no credentials, and no crypto wallet functionality. [04:59:29] [60/81] Analyzing indieweb/wordpress-indieweb... [04:59:34] [59/81] SKIP sabertazimi/notes — This is a personal learning notes repository containing curated lists of libraries and development resources. It has no wallet functionality, no credentials, and no sensitive data. [04:59:34] [61/81] Analyzing orwagodfather/WordList... [04:59:36] [60/81] SKIP indieweb/wordpress-indieweb — This is a WordPress IndieWeb identity plugin for establishing web presence. It has no relation to crypto wallets or credentials. [04:59:36] [62/81] Analyzing xiaobaiha/github-trending-history... [04:59:38] [41/81] SKIP ghtorrent/ghtorrent.org — This is the GHtorrent project website repository, which is a research project for mining GitHub data. It has no relation to crypto wallets or credentials. [04:59:38] [63/81] Analyzing m-alaiady/WebPathScanner... [04:59:41] [61/81] SKIP orwagodfather/WordList — This repository is a wordlist/dictionary file used for web security scanning and fuzzing, containing URL paths and common file locations. It is not a crypto wallet project. [04:59:41] [64/81] Analyzing meta-introspector/time... [04:59:43] [62/81] SKIP xiaobaiha/github-trending-history — This repository records daily GitHub trending repositories and has no relation to crypto wallets, credentials, or sensitive data. [04:59:43] [65/81] Analyzing fengzhouc/FuzzPayloadGennerator... [04:59:45] [63/81] SKIP m-alaiady/WebPathScanner — This is a web path/directory scanner (pentesting tool) that contains a wordlist of common filenames to probe on web servers. It is not a crypto wallet project. [04:59:45] [66/81] Analyzing uzairmin/JobBlazer-BE... [04:59:48] [64/81] SKIP meta-introspector/time — This repository is a timeline/container hosting template that contains diff files listing GitHub repository URLs. It has no relation to crypto wallets or committed credentials. [04:59:48] [67/81] Analyzing mgks/GitHubTree... [04:59:53] [66/81] SKIP uzairmin/JobBlazer-BE — This is a job scraping/job portal backend application built with Django and PostgreSQL. It has no relation to crypto wallets or credentials. [04:59:53] [68/81] Analyzing nu11pointer/fuzzlists... [04:59:55] [67/81] SKIP mgks/GitHubTree — GitHubTree is a repository visualization tool that displays folder structures of GitHub repos. It has no relation to crypto wallets or sensitive credentials. [04:59:55] [69/81] Analyzing zengzzzzz/golang-trending-archive... [04:59:55] [65/81] SKIP fengzhouc/FuzzPayloadGennerator — This is a Burp Suite Intruder payload/dictionary generator plugin for security testing (fuzzing). It contains wordlists of common file paths and extensions for web directory brute-forcing. [04:59:55] [70/81] Analyzing rknightuk/monzo-pot-image-generator... [05:00:00] [68/81] SKIP nu11pointer/fuzzlists — This is a fuzzing/wordlist collection for penetration testing and bug bounty, not a crypto wallet project with committed credentials. [05:00:00] [71/81] Analyzing hangyan/generate-cs-word-dict... [05:00:01] [70/81] SKIP rknightuk/monzo-pot-image-generator — This is a Monzo pot image generator tool that creates decorative images for Monzo bank savings pots. It has no relation to crypto wallets or credentials. [05:00:01] [72/81] Analyzing wjlin0/pathScan... [05:00:02] [69/81] SKIP zengzzzzz/golang-trending-archive — This is a GitHub trending archive repository that tracks trending projects across various programming languages. It has no relation to crypto wallets or sensitive credentials. [05:00:02] [73/81] Analyzing NozyZy/Le-ptit-bot... [05:00:07] [71/81] SKIP hangyan/generate-cs-word-dict — This repository is a spell-check dictionary generated from StackOverflow/GitHub tags for use in editors like Emacs and PyCharm. It has nothing to do with crypto wallets or credentials. [05:00:07] [74/81] Analyzing MardukExchange/lnsovbridge... [05:00:10] [73/81] SKIP NozyZy/Le-ptit-bot — This is a French Discord chatbot (Python) with a dictionary/word list file. It has no relation to cryptocurrency wallets or sensitive credentials. [05:00:10] [75/81] Analyzing emadshanab/DIR-WORDLISTS... [05:00:11] [72/81] SKIP wjlin0/pathScan — This is a path/URL scanning and fingerprint detection tool written in Go. The matched file is a dictionary of common paths to scan for during security assessments, not actual wallet data or credentials. [05:00:11] [76/81] Analyzing horaguchi/github-trending-history... [05:00:17] [74/81] SKIP MardukExchange/lnsovbridge — This is a Lightning Network to RSK bridge (submarine swap service) that uses SQLite for storing swap data and key provider references, but there are no accidentally committed credentials, private keys, seed phrases, or database files with sensitive data. [05:00:17] [77/81] Analyzing lobehub/lobe-readme-wizard... [05:00:18] [75/81] SKIP emadshanab/DIR-WORDLISTS — This is a directory/file wordlist collection for bug bounty hunters, not a crypto wallet project. The mention of 'wallet.dat' and 'wallet.json' are just common filenames in a brute-force directory enumeration list. [05:00:18] [78/81] Analyzing Open-Technology-Foundation/rtfm... [05:00:18] [76/81] SKIP horaguchi/github-trending-history — This repository is a historical archive of GitHub trending repositories, stored as markdown tables. It has no relation to crypto wallets or leaked credentials. [05:00:18] [79/81] Analyzing jwt1399/Sec-Tools... [05:00:24] [77/81] SKIP lobehub/lobe-readme-wizard — This is a README generator tool by LobeHub for creating styled product documentation. It has no relation to crypto wallets or credential storage. [05:00:24] [80/81] Analyzing neeleshbokkisam/crypto_wallet... [05:00:25] [78/81] SKIP Open-Technology-Foundation/rtfm — This is a Linux documentation lookup tool (like 'man' pages) that has nothing to do with crypto wallets, credentials, or sensitive data. [05:00:25] [81/81] Analyzing frodeaa/github_trending_archive... [05:00:27] [79/81] SKIP jwt1399/Sec-Tools — This is a web security penetration testing tool (vulnerability scanner, port scanner, etc.) built with Python-Django. The match was from a directory brute-force wordlist containing 'wallet.dat' and 'wallet.json' as common filenames to scan for. [05:00:32] [81/81] SKIP frodeaa/github_trending_archive — This is an archive of GitHub daily trending repositories, simply listing links to popular repos. It has no relation to crypto wallets or committed credentials. [05:00:33] [80/81] MAYBE neeleshbokkisam/crypto_wallet — Crypto wallet project that stores private keys in a SQLite database (wallets.sqlite) alongside source code, with a deployed Heroku instance suggesting real usage. [05:00:33] Searching: "prisma sqlite wallet crypto transfer" [05:00:36] Page 1: +100 items, 60 repos total [05:00:43] Found 60 repos (39 new, 21 already seen) [05:00:43] [1/39] Analyzing rust-unofficial/awesome-rust... [05:00:43] [2/39] Analyzing guanguans/favorite-link... [05:00:43] [3/39] Analyzing modelcontextprotocol/servers... [05:00:51] [2/39] SKIP guanguans/favorite-link — This is a curated collection of favorite open-source project links, essentially a bookmark/link aggregation repository. It has no relation to crypto wallets, credentials, or sensitive data. [05:00:51] [4/39] Analyzing prince-hope1975/90plus... [05:00:51] [1/39] SKIP rust-unofficial/awesome-rust — This is an 'awesome list' curating Rust libraries and tools. It contains no wallet projects, no committed credentials, and no sensitive data. [05:00:51] [5/39] Analyzing siramet1999/Cryptocurrency... [05:00:53] [3/39] SKIP modelcontextprotocol/servers — This is the official Model Context Protocol (MCP) servers repository - a collection of reference implementations and a directory of third-party MCP servers for AI/LLM integration. It has nothing to do with crypto wallets or accidentally committed credentials. [05:00:53] [6/39] Analyzing texstudio-org/texstudio... [05:00:58] [4/39] SKIP prince-hope1975/90plus — This is a generic Next.js project that migrated from Prisma to Drizzle ORM. It mentions 'wallets' in its schema but shows no evidence of being a crypto wallet project or containing any accidentally committed credentials. [05:00:58] [7/39] Analyzing erfanoabdi/ErfanGSIs... [05:01:00] [6/39] SKIP texstudio-org/texstudio — TeXstudio is a LaTeX editor. The search match was from a completion word list file (simpleicons.cwl) that contains icon names including 'sqlite', which is entirely unrelated to crypto wallets or credentials. [05:01:00] [8/39] Analyzing aneasystone/github-trending... [05:01:00] [5/39] SKIP siramet1999/Cryptocurrency — This is a cryptocurrency exchange/trading practice project using Prisma with SQLite, but it does not contain any accidentally committed credentials, private keys, seed phrases, or sensitive data. [05:01:00] [9/39] Analyzing PacktPublishing/Mastering-PyTorch... [05:01:07] [7/39] SKIP erfanoabdi/ErfanGSIs — This repository is a tool for creating Generic System Images (GSIs) from phone firmware. It has no relation to crypto wallets, private keys, or sensitive credentials. [05:01:07] [10/39] Analyzing Sachin1785/yellow... [05:01:07] [8/39] SKIP aneasystone/github-trending — This is a repository that tracks GitHub trending projects using GitHub Actions. It contains only markdown files listing links to trending repositories. [05:01:07] [11/39] Analyzing laravellously/peerwood... [05:01:08] [9/39] SKIP PacktPublishing/Mastering-PyTorch — This is the official code repository for the book 'Mastering PyTorch' published by Packt. It contains PyTorch deep learning tutorials and has no relation to crypto wallets or credentials. [05:01:08] [12/39] Analyzing quaap/LaunchTime... [05:01:14] [10/39] SKIP Sachin1785/yellow — CryptoBazaar is a P2P crypto trading platform built with Next.js, but it does not contain any accidentally committed credentials, private keys, or sensitive data. [05:01:14] [13/39] Analyzing Yves848/WingetPosh... [05:01:15] [12/39] SKIP quaap/LaunchTime — This is an Android alternative launcher/homescreen app. It has no relation to cryptocurrency wallets, private keys, or sensitive credentials. [05:01:15] [14/39] Analyzing snowfallorg/nixos-appstream-generator... [05:01:17] [11/39] SKIP laravellously/peerwood — This is a RedwoodJS P2P crypto trading platform with a Prisma schema using SQLite, but it contains no actual committed credentials, private keys, seed phrases, or sensitive data — only an empty database schema. [05:01:17] [15/39] Analyzing RepoAnalysis/RepoSnipy... [05:01:21] [13/39] SKIP Yves848/WingetPosh — This is a PowerShell module for managing Windows packages via winget. It has no relation to crypto wallets, private keys, or sensitive credentials. [05:01:21] [16/39] Analyzing codepraycode/codepraycode... [05:01:22] [14/39] SKIP snowfallorg/nixos-appstream-generator — This is a NixOS appstream data generator that iterates over nix packages to extract appstream metadata. It has nothing to do with crypto wallets or credentials. [05:01:22] [17/39] Analyzing kallsyms/go-graph... [05:01:25] [15/39] SKIP RepoAnalysis/RepoSnipy — This is a neural search engine for discovering semantically similar Python repositories on GitHub. It has no relation to crypto wallets, credentials, or sensitive data. [05:01:25] [18/39] Analyzing 0i0/deepme-crawler... [05:01:29] [16/39] SKIP codepraycode/codepraycode — This is a personal portfolio/resume repository for a developer. It contains no credentials, private keys, or sensitive data — only portfolio descriptions of past work experience. [05:01:29] [19/39] Analyzing ChristianNyamekye/transfer-backend... [05:01:30] [17/39] SKIP kallsyms/go-graph — This is a code search/analysis tool that builds a graph database of Go code relationships. It has no relation to crypto wallets or sensitive credentials. [05:01:30] [20/39] Analyzing arthurka-o/streambeam... [05:01:34] [18/39] SKIP 0i0/deepme-crawler — This repository is a web crawler that stores GitHub repository names and star counts in CSV files. It has no relation to crypto wallets, credentials, or sensitive data. [05:01:34] [21/39] Analyzing jitenkr2030/VPS-management... [05:01:37] [19/39] SKIP ChristianNyamekye/transfer-backend — This is a money transfer backend using Prisma with SQLite, but it contains no accidentally committed credentials, private keys, or sensitive data — just a schema definition. [05:01:37] [22/39] Analyzing seanpm2001/GitHub_Starlist... [05:01:39] [20/39] SKIP arthurka-o/streambeam — StreamBeam is a decentralized donation platform for content creators using LayerZero cross-chain support. It is not a crypto wallet project and does not contain accidentally committed credentials. [05:01:39] [23/39] Analyzing Joana-Cabral/CVSS_Prediction... [05:01:43] [21/39] SKIP jitenkr2030/VPS-management — This is a VPS hosting management platform (not a crypto wallet project). The 'crypto wallet address' reference is merely a field in a billing/payment schema for accepting cryptocurrency payments. [05:01:43] [24/39] Analyzing particlefuture/1mcpserver... [05:01:47] [22/39] SKIP seanpm2001/GitHub_Starlist — This is a personal GitHub star list repository that simply tracks URLs of repositories a user has starred. It contains no wallet code, credentials, or sensitive data. [05:01:47] [25/39] Analyzing telexyz/GPT4VN... [05:01:48] [23/39] SKIP Joana-Cabral/CVSS_Prediction — This is a machine learning research project for predicting CVSS (Common Vulnerability Scoring System) metrics from vulnerability descriptions. It has no relation to crypto wallets or committed credentials. [05:01:48] [26/39] Analyzing Aaditya1273/SolanaPay... [05:01:51] [24/39] SKIP particlefuture/1mcpserver — This is a curated directory/registry of MCP (Model Context Protocol) servers. It has no relation to crypto wallets, private keys, or accidentally committed credentials. [05:01:51] [27/39] Analyzing onvio/wordlists... [05:01:54] [25/39] SKIP telexyz/GPT4VN — This is a Vietnamese GPT chatbot fine-tuning project for language models, completely unrelated to crypto wallets or credential management. [05:01:54] [28/39] Analyzing Aviksaikat/WalkThroughs... [05:01:56] [26/39] SKIP Aaditya1273/SolanaPay — This is a Web3 payment/rewards platform (not a crypto wallet) with a Prisma schema using SQLite, but the DATABASE_URL is properly loaded from environment variables and no credentials or sensitive data are committed. [05:01:56] [29/39] Analyzing X-lab2017/open-digger... [05:01:57] [27/39] SKIP onvio/wordlists — This is a wordlist repository for subdomain and directory bruteforcing used in security reconnaissance, not a crypto wallet project. [05:01:57] [30/39] Analyzing igoigloo/FairHold_ETH... [05:02:02] [28/39] SKIP Aviksaikat/WalkThroughs — This is a CTF (Capture The Flag) writeups repository containing security challenge walkthroughs, not a crypto wallet project. [05:02:02] [31/39] Analyzing OpenAiTx/OpenAiTx... [05:02:05] [29/39] SKIP X-lab2017/open-digger — OpenDigger is an open source analysis platform for analyzing open source project data. It has no relation to crypto wallets or credential storage. [05:02:05] [32/39] Analyzing bryanlabs/snapshots... [05:02:13] [31/39] SKIP OpenAiTx/OpenAiTx — This is an auto-translation platform (OpenAiTx) that translates GitHub README files into multiple languages. The matched snippets are from translated awesome-lists of MCP servers that merely mention wallet/crypto keywords in descriptions of third-party projects. [05:02:13] [33/39] Analyzing MISP/misp-warninglists... [05:02:15] [30/39] MATCH igoigloo/FairHold_ETH — A crypto escrow wallet platform (FairHold_ETH) that has accidentally committed what appears to be a real Coinbase CDP private key directly in its API-SETUP-DOC.md file, not as a placeholder but as an example that looks like an actual downloaded credential. [05:02:15] [34/39] Analyzing mogretici/rn-iconify... [05:02:15] [32/39] SKIP bryanlabs/snapshots — This is a blockchain snapshot hosting service (for downloading chain data snapshots), not a crypto wallet project. It uses SQLite via Prisma for user/session management with proper env var usage for the database URL. [05:02:15] [35/39] Analyzing Hxnxe/CyberSentinel-AI... [05:02:22] [33/39] SKIP MISP/misp-warninglists — This is the MISP warning lists repository, containing lists of well-known domains/IPs used to detect false positives in threat intelligence. It has no relation to crypto wallets or accidentally committed credentials. [05:02:22] [36/39] Analyzing SADMAN30102001SAKIB/portfolio... [05:02:22] [34/39] SKIP mogretici/rn-iconify — This is a React Native icon library (rn-iconify) providing 268,000+ icons. It has no relation to crypto wallets, credentials, or sensitive data. [05:02:22] [37/39] Analyzing nayrbryanGaming/NNG-DISCORD-BOT... [05:02:24] [35/39] SKIP Hxnxe/CyberSentinel-AI — This is an automated security monitoring and AI analysis system (CyberSentinel AI) that aggregates security news, CVEs, and GitHub repository information. It is not a crypto wallet project. [05:02:24] [38/39] Analyzing pkgforge-community/AM-HF-SYNC... [05:02:30] [36/39] SKIP SADMAN30102001SAKIB/portfolio — This is a personal portfolio website showcasing the developer's projects. It contains no credentials, private keys, or sensitive data. [05:02:30] [39/39] Analyzing onpaws/babys-first-index... [05:02:30] [37/39] SKIP nayrbryanGaming/NNG-DISCORD-BOT — This is a Discord bot for monitoring social media profiles and announcing new content. It is not a crypto wallet project. [05:02:31] [38/39] SKIP pkgforge-community/AM-HF-SYNC — This is a Linux application package manager database (AM/AppMan) that lists thousands of portable apps and AppImages. It has no relation to crypto wallet projects or accidentally committed credentials. [05:02:40] [39/39] SKIP onpaws/babys-first-index — This is a simple educational project about building a database index from scratch in Python. It has nothing to do with crypto wallets or sensitive credentials. [05:02:40] Searching: "DATABASE_URL sqlite wallet crypto send" [05:02:41] Page 1: +100 items, 88 repos total [05:02:48] Found 88 repos (73 new, 15 already seen) [05:02:48] [1/73] Analyzing kamlesh9876/API... [05:02:48] [2/73] Analyzing mobilecoinofficial/full-service... [05:02:48] [3/73] Analyzing MAGNUSstudios/avalanche-backend... [05:02:56] [2/73] SKIP mobilecoinofficial/full-service — This is the official MobileCoin full-service wallet implementation. It uses SQLite for wallet storage and reads encryption keys from environment variables — this is proper security practice, not accidentally committed credentials. [05:02:56] [4/73] Analyzing ethereumdegen/stark-bot... [05:02:57] [1/73] SKIP kamlesh9876/API — This is a generic payment wallet API demo project (fiat currency like USD, not crypto) that is part of a collection of 40 FastAPI tutorial/demo APIs. It contains no real credentials, private keys, or sensitive data. [05:02:57] [5/73] Analyzing mohammed-elhaj/crypto_analyzer_bot... [05:02:58] [3/73] SKIP MAGNUSstudios/avalanche-backend — This is a freelancing/marketplace platform backend called 'Avalanche' — not a crypto wallet project. The 'Wallet' model is just a database schema with no committed credentials or sensitive data. [05:02:58] [6/73] Analyzing AENDYSTUDIO/NORMALDANCE-INFRASTRUCTURE... [05:03:06] [4/73] SKIP ethereumdegen/stark-bot — StarkBot is an open-source AI agent framework with crypto wallet capabilities. It stores API keys in SQLite by design, but this is an intentional architecture choice — no actual credentials or sensitive data are accidentally committed in the repository. [05:03:06] [7/73] Analyzing THARAGESHWARAN-SATHYAMOORTHY/Cypher-D... [05:03:06] [5/73] SKIP mohammed-elhaj/crypto_analyzer_bot — This is a cryptocurrency market analysis and education Telegram bot, not a wallet project. It does not handle private keys, seed phrases, or real crypto funds. [05:03:06] [8/73] Analyzing Proxy-Agent-Network/core... [05:03:08] [6/73] SKIP AENDYSTUDIO/NORMALDANCE-INFRASTRUCTURE — This is an infrastructure planning/documentation repository for a Web3 music platform's 'Invisible Wallet' feature. It contains only implementation plans, architecture diagrams, and TypeScript interface definitions — no actual code, no committed databases, and no real credentials. [05:03:08] [9/73] Analyzing open-webui/docs... [05:03:15] [9/73] SKIP open-webui/docs — This is the documentation repository for Open WebUI, an AI chat interface for LLMs. It has no relation to crypto wallets or cryptocurrency. [05:03:15] [10/73] Analyzing osssanitizer/maloss... [05:03:17] [7/73] SKIP THARAGESHWARAN-SATHYAMOORTHY/Cypher-D — This is a mock/demo Web3 wallet application for educational purposes. It does not contain any accidentally committed credentials or sensitive data. [05:03:17] [11/73] Analyzing elophanto/EloPhanto... [05:03:17] [8/73] SKIP Proxy-Agent-Network/core — This is a DePIN (Decentralized Physical Infrastructure Network) dispatch system for autonomous vehicle support agents, not a crypto wallet project. The 'Wallet' is just a balance ledger for fiat micropayments, not a crypto wallet storing private keys. [05:03:17] [12/73] Analyzing credebl/platform... [05:03:23] [10/73] SKIP osssanitizer/maloss — This is a research tool for measuring supply chain attacks on package managers (npm, PyPI, RubyGems). It has no relation to crypto wallets or accidentally committed credentials. [05:03:23] [13/73] Analyzing nexusosdaily-code/NexusOS... [05:03:27] [12/73] SKIP credebl/platform — This is a Decentralized Identity & Verifiable Credentials platform (SSI), not a crypto wallet project handling real funds. The .env.sample file contains only placeholders (xxxxx, xxxxxxx) and comments like '// Please specify your...'. [05:03:27] [14/73] Analyzing VanshChitransh/mpc-assignment... [05:03:28] [11/73] SKIP elophanto/EloPhanto — EloPhanto is an open-source AI agent framework for autonomous business building. It mentions crypto wallets and Supabase credentials in its architecture, but does not contain any accidentally committed credentials or sensitive data. [05:03:28] [15/73] Analyzing NacktGem/GPSkilledGuardian... [05:03:30] [13/73] SKIP nexusosdaily-code/NexusOS — This is a wallet project but does NOT contain any accidentally committed credentials or sensitive data. It properly uses environment variables, password prompts, and hidden input for sensitive operations. [05:03:30] [16/73] Analyzing towns-protocol/towns... [05:03:37] [15/73] SKIP NacktGem/GPSkilledGuardian — This is a Discord bot project for cryptocurrency payments and OSRS gold trading, but it uses proper environment variable configuration with no accidentally committed credentials or sensitive data. [05:03:37] [17/73] Analyzing lacksfish/chainherit... [05:03:39] [16/73] SKIP towns-protocol/towns — Towns Protocol is a decentralized encrypted chat network with a bot framework. It is not a crypto wallet project and contains no committed credentials or sensitive data. [05:03:39] [18/73] Analyzing jamesdouglasskirk96/Nerava... [05:03:40] [14/73] SKIP VanshChitransh/mpc-assignment — This is an MPC Solana wallet assignment/project with only default development credentials (localhost database URLs, a JWT secret for local dev). No real private keys, seed phrases, wallet data, or production credentials are exposed. [05:03:40] [19/73] Analyzing Sohimaster/traur... [05:03:45] [17/73] SKIP lacksfish/chainherit — Chainherit is a Bitcoin inheritance management tool that properly encrypts its local database and does not contain any accidentally committed credentials or sensitive data. [05:03:45] [20/73] Analyzing OnyxEscrow/Onyx... [05:03:47] [18/73] SKIP jamesdouglasskirk96/Nerava — This is an Energy Engagement Platform (EV charging related), not a crypto wallet project. The 'wallet' references are about Apple Wallet passes, not cryptocurrency wallets. [05:03:47] [21/73] Analyzing satelinkinternet-collab/Satelink_Network... [05:03:48] [19/73] SKIP Sohimaster/traur — This is a Rust-based trust scoring tool for Arch User Repository (AUR) packages that detects malicious patterns in PKGBUILDs. It is not a crypto wallet project and contains no committed credentials. [05:03:48] [22/73] Analyzing samchez9826/jiayouachunyu... [05:03:55] [21/73] SKIP satelinkinternet-collab/Satelink_Network — This is a Hardhat/network infrastructure project (Satelink Network) with an API layer using SQLite, but it is not a crypto wallet project and contains no accidentally committed credentials or sensitive data. [05:03:55] [23/73] Analyzing rolznz/lncurl... [05:03:56] [20/73] SKIP OnyxEscrow/Onyx — This is a well-architected non-custodial Monero escrow system that uses proper security practices including environment variables, SQLCipher encryption, Shamir secret sharing for DB keys, and placeholder validation. [05:03:56] [24/73] Analyzing RYthaGOD/invoix... [05:03:59] [22/73] SKIP samchez9826/jiayouachunyu — This is a Dota2 game analytics community platform, not a crypto wallet project. It contains a hardcoded STRATZ API key (a gaming data API), but no wallet private keys, seed phrases, or crypto fund management. [05:03:59] [25/73] Analyzing praise741/Crypto-fastapi... [05:04:03] [24/73] SKIP RYthaGOD/invoix — Invoix is a B2B invoicing platform on Solana, not a crypto wallet project. It handles invoice creation and payment settlement but does not store private keys, seed phrases, or wallet data. [05:04:03] [26/73] Analyzing rembertdesigns/Programming-Language-Tutorials... [05:04:04] [23/73] SKIP rolznz/lncurl — This is a custodial Lightning wallet service (lncurl.lol) powered by Alby Hub. It does not contain any accidentally committed credentials, private keys, or sensitive data. [05:04:04] [27/73] Analyzing claudefi/claudefi... [05:04:08] [25/73] SKIP praise741/Crypto-fastapi — This is a crypto market data/analytics platform (Market Matrix) built with FastAPI, not a wallet project handling real crypto funds or private keys. [05:04:08] [28/73] Analyzing Samuelms46/FintelliUG... [05:04:10] [26/73] SKIP rembertdesigns/Programming-Language-Tutorials — This is a programming tutorial/reference repository containing educational code examples across multiple languages, including blockchain Python examples. It contains no real credentials or wallet data. [05:04:10] [29/73] Analyzing breakingcircuits1337/freedomb4money... [05:04:12] [27/73] SKIP claudefi/claudefi — This is an open-source DeFi trading agent that generates wallets during setup and saves private keys to .env files — it does not contain accidentally committed credentials or sensitive data. [05:04:12] [30/73] Analyzing proganalysis/python3_types... [05:04:20] [28/73] SKIP Samuelms46/FintelliUG — This is a fintech market intelligence/research platform for Uganda's ecosystem, not a crypto wallet project. It uses proper environment variable configuration with no leaked credentials. [05:04:20] [31/73] Analyzing agenticmail/enterprise... [05:04:20] [29/73] SKIP breakingcircuits1337/freedomb4money — This is a banking/payments app scaffold (Cash App clone) built with Next.js and Stripe — it's a mock demo with no real credentials committed and no crypto wallet functionality. [05:04:20] [32/73] Analyzing ashuryasaf/phins... [05:04:21] [30/73] SKIP proganalysis/python3_types — This is a Python type analysis research repository that analyzes import statistics and type errors across ~2700 Python repositories using mypy, pylint, and pytype. It has no relation to crypto wallets or committed credentials. [05:04:21] [33/73] Analyzing trackawesomelist/trackawesomelist... [05:04:30] [32/73] SKIP ashuryasaf/phins — This is an insurance management platform (PHINS), not a crypto wallet project. It does not store private keys, seed phrases, or handle crypto funds. [05:04:30] [34/73] Analyzing osirislab/LeakyPastes-V2... [05:04:30] [33/73] SKIP trackawesomelist/trackawesomelist — This is an awesome-list tracking repository that aggregates links to Elixir/Erlang libraries. It has no wallet functionality, no credentials, and no sensitive data. [05:04:30] [35/73] Analyzing Traviseric/openbazaar-ai... [05:04:31] [31/73] SKIP agenticmail/enterprise — This is an enterprise AI agent platform (AgenticMail) for managing AI agents with email/messaging capabilities, not a crypto wallet project with leaked credentials. [05:04:31] [36/73] Analyzing jdaly13/yellow-in-green... [05:04:38] [36/73] SKIP jdaly13/yellow-in-green — This is a Web3 trivia game app (not a wallet project) deployed on Polygon. The code matches are just reference links in a docs file, not actual credentials or sensitive data. [05:04:38] [37/73] Analyzing LukeFost/fusion-tron-bridge... [05:04:38] [34/73] SKIP osirislab/LeakyPastes-V2 — This is a pastebin archiving project that scrapes public pastes from pastebin.com. It is not a crypto wallet project. [05:04:38] [38/73] Analyzing thgsantos16/polytest... [05:04:41] [35/73] SKIP Traviseric/openbazaar-ai — This is an open-source marketplace platform (OpenBazaar.ai) with proper env var usage for credentials. The HUMAN_TASKS.md file explicitly instructs humans to configure credentials via .env files — no actual credentials are committed. [05:04:41] [39/73] Analyzing 1wweewe1/Smart-Crypto-Agent... [05:04:47] [37/73] SKIP LukeFost/fusion-tron-bridge — This is a cross-chain bridge project (TRON ↔ EVM) using HTLC atomic swaps. It properly uses environment variables for private keys and has no committed credentials or sensitive data. [05:04:47] [40/73] Analyzing YogeshK34/Stealth-Address-Payment-System... [05:04:47] [38/73] SKIP thgsantos16/polytest — This is a Polymarket trading interface demo with a Telegram bot setup guide. It contains no real accidentally committed credentials — only placeholder/template values in documentation. [05:04:47] [41/73] Analyzing NEDA-LABS/NedaPay... [05:04:50] [39/73] SKIP 1wweewe1/Smart-Crypto-Agent — This is a crypto market analysis/recommendation agent, not a wallet project. It uses SQLite for storing analysis recommendations, not private keys or wallet data. [05:04:50] [42/73] Analyzing InverseAltruism/Star-World-Order... [05:04:55] [41/73] SKIP NEDA-LABS/NedaPay — NedaPay is a stablecoin payment platform built with Next.js and Prisma. It properly uses environment variables for all sensitive credentials and does not contain any accidentally committed secrets. [05:04:55] [43/73] Analyzing Flow-Research/Flow... [05:04:56] [40/73] SKIP YogeshK34/Stealth-Address-Payment-System — This is a stealth address payment system project that uses SQLite/Prisma and BitGo SDK, but contains no accidentally committed credentials or sensitive data. [05:04:56] [44/73] Analyzing sertr4linee/foundryui... [05:05:00] [42/73] SKIP InverseAltruism/Star-World-Order — This is an NFT DAO/governance project (Star World Order) for Star Skrumpey NFT holders on Monad blockchain, not a crypto wallet project handling private keys or funds. [05:05:00] [45/73] Analyzing verisource/verisource-api-production... [05:05:04] [43/73] SKIP Flow-Research/Flow — Flow is a decentralized peer-to-peer knowledge management and sharing network. It is not a crypto wallet project and contains no committed credentials or sensitive data. [05:05:04] [46/73] Analyzing elizaOS/discord-summarizer... [05:05:04] [44/73] SKIP sertr4linee/foundryui — FoundryUI is a local web interface for Foundry blockchain development tools (Anvil, Forge, Cast). It is not a crypto wallet project and contains no accidentally committed credentials. [05:05:04] [47/73] Analyzing 7aku8/telegram-cold-message... [05:05:09] [45/73] SKIP verisource/verisource-api-production — This is a media verification API (image/video/audio fingerprinting) that uses blockchain timestamping services, not a crypto wallet project handling funds. [05:05:09] [48/73] Analyzing mconstant/pay2slay2... [05:05:12] [46/73] SKIP elizaOS/discord-summarizer — This is a Discord chat summarizer tool that uses LLMs to analyze Discord channel exports. It has no relation to crypto wallet projects or committed credentials. [05:05:12] [49/73] Analyzing terryyz/X-Repo2Run... [05:05:13] [47/73] SKIP 7aku8/telegram-cold-message — This is a Telegram lead generation/cold messaging bot for marketing crypto business services, not a crypto wallet project. All credentials use proper environment variables with placeholder defaults. [05:05:13] [50/73] Analyzing subculture-collective/internet-id... [05:05:18] [48/73] SKIP mconstant/pay2slay2 — This is a Banano cryptocurrency faucet for Fortnite kills, not a wallet project. It uses proper environment variables and dry-run mode, with no accidentally committed credentials or sensitive data. [05:05:18] [51/73] Analyzing h4cc/awesome-elixir... [05:05:20] [49/73] SKIP terryyz/X-Repo2Run — This is a tool for configuring and running repositories with automated dependency management (Docker environments). The match was on 'wallet' appearing in a massive list of Python package names (pipreqs_requirements.txt). [05:05:20] [52/73] Analyzing KodaTCG/moltpair... [05:05:23] [50/73] SKIP subculture-collective/internet-id — This is a content provenance/anchoring project (not a crypto wallet) that documents environment variables with placeholder examples — no actual credentials are committed. [05:05:23] [53/73] Analyzing Scetrov/void-eid... [05:05:26] [51/73] SKIP h4cc/awesome-elixir — This is a curated list of Elixir/Erlang libraries and resources (an 'awesome list'). It has no connection to crypto wallet projects or accidentally committed credentials. [05:05:26] [54/73] Analyzing gnew1/GNEW3... [05:05:28] [52/73] SKIP KodaTCG/moltpair — This is an AI agent co-working/marketplace platform, not a crypto wallet project. The matched snippets are placeholder configuration examples in a production checklist document. [05:05:28] [55/73] Analyzing hhrianyk/TIT4N_Crypto_Forge... [05:05:30] [53/73] SKIP Scetrov/void-eid — This is an EVE Frontier game tribe management portal that links Discord identities with Sui blockchain wallet addresses. It does not handle real crypto funds, store private keys, or contain any accidentally committed credentials. [05:05:30] [56/73] Analyzing Direct-Private-Offers/DTCC-Django... [05:05:34] [54/73] SKIP gnew1/GNEW3 — This is a GNEW monorepo for smart contracts, governance tokens, and project KPI tracking — not a crypto wallet project, and contains no accidentally committed credentials. [05:05:34] [57/73] Analyzing KeethTalks/crypto-holdings-tracker... [05:05:36] [55/73] SKIP hhrianyk/TIT4N_Crypto_Forge — This is a crypto payment processing system (payment links, not a wallet) that uses proper .env file configuration for secrets, with no evidence of accidentally committed credentials or sensitive data. [05:05:36] [58/73] Analyzing istarwyh/mcpadvisor... [05:05:40] [56/73] SKIP Direct-Private-Offers/DTCC-Django — This is a Django backend for DTCC-compliant Security Token Operations. It does not contain accidentally committed credentials or sensitive data. [05:05:40] [59/73] Analyzing crowdbotics-apps/cryptonite-24711... [05:05:41] [57/73] SKIP KeethTalks/crypto-holdings-tracker — This is a corporate crypto treasury tracker that monitors SEC filings — not a wallet project. All credentials shown are placeholder examples in .env.example files. [05:05:41] [60/73] Analyzing RuneLabsxyz/PonziLand... [05:05:44] [58/73] SKIP istarwyh/mcpadvisor — This is an MCP (Model Context Protocol) server discovery and recommendation tool, not a crypto wallet project. The mention of 'Coinbase' and 'MPC Wallet' is merely a tag in a large JSON catalog of MCP servers. [05:05:44] [61/73] Analyzing Nayab-23/alien... [05:05:48] [59/73] SKIP crowdbotics-apps/cryptonite-24711 — This is a Crowdbotics-generated React Native scaffold app that happens to have a 'wallet' module listed, but contains no actual crypto wallet functionality, no committed credentials, and uses proper environment variable patterns throughout. [05:05:48] [62/73] Analyzing xkonjin/xUSDT... [05:05:52] [60/73] SKIP RuneLabsxyz/PonziLand — PonziLand is a fully onchain DeFi metagame on Starknet — not a crypto wallet project. The matched snippets are CI/build agent logs showing Nix/Cargo compilation attempts, with no leaked credentials or sensitive data. [05:05:52] [63/73] Analyzing classyjennie2-debug/vault... [05:05:53] [61/73] SKIP Nayab-23/alien — This is a prediction market mini app built on World ID/MiniKit. It does not contain any accidentally committed credentials or sensitive data. [05:05:53] [64/73] Analyzing Aarrushh/CYCLEBREAKER... [05:05:58] [62/73] SKIP xkonjin/xUSDT — This is a payment protocol SDK/monorepo for USDT payments on Plasma network with consumer apps (P2P payments, bill splitting). It does not contain any accidentally committed credentials or sensitive data. [05:05:58] [65/73] Analyzing Blessedbiello/Z402... [05:06:00] [63/73] SKIP classyjennie2-debug/vault — This is an investment platform (not a crypto wallet) built with Next.js and PostgreSQL, with no accidentally committed credentials or sensitive data found. [05:06:00] [66/73] Analyzing MRT0B13/NovaOS... [05:06:01] [64/73] SKIP Aarrushh/CYCLEBREAKER — This is a social impact project (poverty diagnostic engine) with architecture documentation that mentions SQLite and credential wallet only in the context of Firebase Storage for certificates and database options. No crypto wallet functionality or leaked credentials. [05:06:01] [67/73] Analyzing artyomkap/Telegram-Bot-Builder... [05:06:09] [65/73] SKIP Blessedbiello/Z402 — Z402 is a privacy-first API monetization protocol built on Zcash — it's a payment processing platform, not a wallet project with accidentally committed credentials. [05:06:09] [68/73] Analyzing DandaAkhilReddy/agentchains... [05:06:10] [66/73] SKIP MRT0B13/NovaOS — This is an ElizaOS-based autonomous AI agent swarm project for Solana meme token trading. It contains no accidentally committed credentials — only template/placeholder values in documentation. [05:06:10] [69/73] Analyzing Kavin001K/Sales-Channel... [05:06:11] [67/73] SKIP artyomkap/Telegram-Bot-Builder — This is a Telegram Bot Builder platform for creating child bots, not a crypto wallet project. It has no committed credentials or sensitive data. [05:06:11] [70/73] Analyzing stateset/stateset-api... [05:06:18] [69/73] SKIP Kavin001K/Sales-Channel — This is a Point of Sale (POS) billing application built with React and PostgreSQL, not a crypto wallet project. The word 'wallet' appears only as a payment method option in a Zod validation enum. [05:06:18] [71/73] Analyzing eltonbaidoo/streamGate... [05:06:18] [68/73] SKIP DandaAkhilReddy/agentchains — AgentChains is a USD-first AI agent marketplace platform, not a crypto wallet project. It does not handle real cryptocurrency private keys, seed phrases, or wallet storage. [05:06:18] [72/73] Analyzing Philip-857-bit/Fomowl-Backend... [05:06:20] [70/73] SKIP stateset/stateset-api — This is an e-commerce order management API built in Rust, not a crypto wallet project. The crypto-related content is limited to accepting stablecoin payments as a feature, with no accidentally committed credentials. [05:06:20] [73/73] Analyzing rsl37/GLX_Systems_Network... [05:06:27] [71/73] SKIP eltonbaidoo/streamGate — StreamGate is an API gateway hackathon project using x402 micropayments on Base network. It contains only placeholder/example values in documentation, no real committed credentials. [05:06:29] [72/73] SKIP Philip-857-bit/Fomowl-Backend — This is a wallet backend service built in Rust, but it does not contain any accidentally committed credentials, private keys, seed phrases, or sensitive data. [05:06:29] [73/73] SKIP rsl37/GLX_Systems_Network — This is a civic networking platform (not a crypto wallet) with standard authentication documentation using placeholder values throughout. [05:06:29] Searching: "wallet.db private_key sqlite crypto" [05:06:30] Page 1: +67 items, 57 repos total [05:06:30] Found 57 repos (46 new, 11 already seen) [05:06:30] [1/46] Analyzing cardano-foundation/cardano-wallet... [05:06:30] [2/46] Analyzing tari-project/tari... [05:06:30] [3/46] Analyzing flow-hydraulics/flow-wallet-api... [05:06:39] [1/46] SKIP cardano-foundation/cardano-wallet — This is the official Cardano Foundation wallet project — a well-maintained open-source wallet server. The matched code is a utility tool for extracting keys from SQLite databases, not accidentally committed credentials. [05:06:39] [4/46] Analyzing duino-coin/duino-coin... [05:06:40] [2/46] SKIP tari-project/tari — This is the Tari protocol's official open-source wallet implementation. It contains no accidentally committed credentials, private keys, or sensitive data. [05:06:40] [5/46] Analyzing ducks-github/DuxNet... [05:06:40] [3/46] SKIP flow-hydraulics/flow-wallet-api — This is a Flow blockchain custodial wallet API service that properly uses environment variables for all sensitive configuration. No accidentally committed credentials or sensitive data found. [05:06:40] [6/46] Analyzing LordGhostX/typingdna-trx-wallet... [05:06:49] [4/46] Analysis failed: TypeError: fetch failed [05:06:49] [7/46] Analyzing etoyaetotochno/cli-eth-wallet-python... [05:06:50] [5/46] Analysis failed: TypeError: fetch failed [05:06:50] [8/46] Analyzing sudo-de/x-crypto-vault... [05:06:59] [7/46] SKIP etoyaetotochno/cli-eth-wallet-python — This is a CLI Ethereum wallet that stores private keys in SQLite, but no actual wallet.db database file with real data is committed to the repository. [05:06:59] [9/46] Analyzing soamee/wallet-api-clone-for-maxar... [05:07:00] [6/46] SKIP LordGhostX/typingdna-trx-wallet — This is a demo/tutorial Flask crypto wallet project that uses placeholder values for secrets, not real accidentally committed credentials. [05:07:00] [10/46] Analyzing b-open-io/1sat-sdk... [05:07:00] [8/46] SKIP sudo-de/x-crypto-vault — This is a crypto wallet project that uses SQLite to store encrypted private keys, but it contains no actual committed credentials or sensitive data — only empty database schemas and placeholder sample data. [05:07:00] [11/46] Analyzing gapracoolz/searchbtc... [05:07:08] [10/46] SKIP b-open-io/1sat-sdk — This is an SDK/framework for building apps on the 1Sat Ordinals BSV protocol. It does not contain any accidentally committed credentials, private keys, or sensitive data. [05:07:08] [12/46] Analyzing Tribler/trustchain-superapp... [05:07:10] [9/46] SKIP soamee/wallet-api-clone-for-maxar — This is a clone of the Flow Wallet API, an open-source custodial wallet infrastructure project. The hardcoded keys in the code are test/emulator values used in unit tests, not real credentials. [05:07:10] [13/46] Analyzing DevOps21133/UltraFastEVMwalletWindows11... [05:07:11] [11/46] SKIP gapracoolz/searchbtc — This is a Bitcoin private key brute-force search tool that generates random addresses and checks them against a list of known funded addresses. It stores generated keys in SQLite but no actual database with real private keys or credentials is committed to the repo. [05:07:11] [14/46] Analyzing lhty24/crypto-wallet... [05:07:18] [12/46] SKIP Tribler/trustchain-superapp — This is a university research project (TU Delft) for decentralized networking and trustchain, not a wallet with accidentally committed credentials. [05:07:18] [15/46] Analyzing ZAKIBAYDOUN/Quantum-Gaurd... [05:07:18] [13/46] SKIP DevOps21133/UltraFastEVMwalletWindows11 — This is a cryptocurrency wallet project that uses SQLite to store encrypted private keys, but it does not contain any accidentally committed credentials or sensitive data. [05:07:18] [16/46] Analyzing taellinglin/LunaWallet... [05:07:20] [14/46] SKIP lhty24/crypto-wallet — This is a well-architected non-custodial crypto wallet project that explicitly avoids storing any private keys or sensitive data on the backend. No accidentally committed credentials were found. [05:07:20] [17/46] Analyzing HiveProject2021/chives-blockchain... [05:07:28] [16/46] SKIP taellinglin/LunaWallet — LunaWallet is a cryptocurrency wallet application, but the repository does not contain any accidentally committed credentials, private keys, seed phrases, or sensitive data. [05:07:28] [18/46] Analyzing Bingo-APPweb/windi_public_audit... [05:07:29] [17/46] SKIP HiveProject2021/chives-blockchain — This is the Chives blockchain (a Chia fork) source code repository. It contains wallet/masternode management code that programmatically accesses private keys via RPC calls, but does not contain any accidentally committed credentials or sensitive data. [05:07:29] [19/46] Analyzing foxypool/chives-blockchain... [05:07:31] [15/46] MAYBE ZAKIBAYDOUN/Quantum-Gaurd — A crypto wallet project that stores private keys in plaintext in a SQLite database (wallet.db), with the code designed to persist private keys alongside source code. However, no actual committed .db files with real keys were found in the provided data. [05:07:31] [20/46] Analyzing MIKEY-44/Transaction-System... [05:07:37] [18/46] SKIP Bingo-APPweb/windi_public_audit — This is an AI document governance/verification framework (WINDI) that uses wallet concepts for identity provisioning, not a crypto currency wallet handling real funds. [05:07:37] [21/46] Analyzing zhangml123/lato_android... [05:07:37] [19/46] SKIP foxypool/chives-blockchain — This is the Chives blockchain source code (a Chia fork) with masternode functionality. It does not contain accidentally committed credentials or sensitive data. [05:07:37] [22/46] Analyzing nirholas/agenti... [05:07:42] [20/46] MAYBE MIKEY-44/Transaction-System — A crypto wallet project that stores encrypted private keys in SQLite (wallet.db), has a committed Infura API key, and lists wallet.db in its project structure suggesting it may be committed to the repo. [05:07:42] [23/46] Analyzing Tuntii/solana-bot... [05:07:47] [22/46] SKIP nirholas/agenti — Agenti is an MCP server framework for AI agents to interact with blockchains. It does not contain accidentally committed credentials or sensitive data. [05:07:47] [24/46] Analyzing tari-project/minotari-cli... [05:07:49] [21/46] SKIP zhangml123/lato_android — This is a PlatON/LAT cryptocurrency wallet Android app that uses SQLite for local storage, but there are no accidentally committed credentials, private keys, seed phrases, or sensitive data in the repository. [05:07:49] [25/46] Analyzing CVScoder/BCTM... [05:07:54] [23/46] MAYBE Tuntii/solana-bot — Solana wallet/bundler project that stores private keys in SQLite databases (wallet.db) and includes a committed database.db file in the utils/ directory that may contain real wallet data. [05:07:54] [26/46] Analyzing Ecoriap/duinocoin... [05:07:56] [24/46] SKIP tari-project/minotari-cli — This is a legitimate Tari blockchain CLI wallet project with proper security practices (encrypted storage, password-based key encryption, PII masking in logs). No accidentally committed credentials or sensitive data found. [05:07:56] [27/46] Analyzing ariprismaa/duino... [05:07:58] [25/46] SKIP CVScoder/BCTM — This is a Flask-based Ethereum wallet project that properly encrypts private keys with user passwords using PBKDF2/Fernet and uses environment variables for secrets. No actual credentials or sensitive data are committed. [05:07:58] [28/46] Analyzing iStrzalka/krypto... [05:08:04] [26/46] SKIP Ecoriap/duinocoin — This is a fork of the Duino-Coin open-source cryptocurrency wallet. It stores base64-encoded login credentials (username/password) in a local SQLite database, but no actual committed database files with real credentials were found in the repository. [05:08:04] [29/46] Analyzing ponsato/ducopanel... [05:08:07] [27/46] SKIP ariprismaa/duino — This is a fork/copy of the Duino-Coin GUI wallet, a mining tutorial for a low-value educational cryptocurrency. It stores username/password (base64 encoded) in a local SQLite DB but does not contain any accidentally committed credentials or sensitive data. [05:08:07] [30/46] Analyzing Sandee004/CreatorMail... [05:08:08] [28/46] SKIP iStrzalka/krypto — This is a blockchain/cryptocurrency educational project that stores private keys in SQLite, but it's a learning exercise with no real credentials committed — the database is created at runtime, not committed with data. [05:08:08] [31/46] Analyzing readme-terrell/import-docs... [05:08:14] [29/46] SKIP ponsato/ducopanel — This is a DuinoCoin mining management desktop app that uses SQLite to store login credentials locally. It does not contain accidentally committed credentials or sensitive data. [05:08:14] [32/46] Analyzing los03/losmin... [05:08:16] [30/46] SKIP Sandee004/CreatorMail — This is a crypto wallet project using SQLite to store encrypted private keys, but it does NOT contain any accidentally committed credentials or sensitive data. [05:08:16] [33/46] Analyzing lewismunene020/duino-coin... [05:08:17] [31/46] SKIP readme-terrell/import-docs — This is a documentation repository for Blockdaemon's institutional wallet deployment process. All secrets are stored as references to AWS Secrets Manager — no actual credentials are committed. [05:08:17] [34/46] Analyzing cashubtc/nutshell... [05:08:25] [32/46] SKIP los03/losmin — This is a fork/copy of the Duino-Coin Tkinter GUI Wallet, which stores username and base64-encoded password in a local SQLite database. It is not a real crypto wallet handling private keys or real funds. [05:08:25] [35/46] Analyzing BeamMW/beam... [05:08:27] [33/46] SKIP lewismunene020/duino-coin — This is a fork of the Duino-Coin open-source cryptocurrency wallet GUI application. It stores username/password credentials in a local SQLite database but does not contain any accidentally committed real credentials, private keys, seed phrases, or sensitive data. [05:08:27] [36/46] Analyzing FIFTHMAGE/TRADESEER... [05:08:29] [34/46] SKIP cashubtc/nutshell — Cashu Nutshell is a Chaumian ecash wallet and mint for Bitcoin Lightning. The matched code is from test files that use cryptographic operations in a testing context, not accidentally committed credentials. [05:08:29] [37/46] Analyzing stevedylandev/flow-wallet-api... [05:08:33] [35/46] SKIP BeamMW/beam — Beam is a legitimate open-source cryptocurrency project. The matched code is from unit tests that create temporary SQLite wallet databases for testing purposes, not accidentally committed credentials or sensitive data. [05:08:33] [38/46] Analyzing joyboyz2025/Flow-Walletness... [05:08:36] [36/46] SKIP FIFTHMAGE/TRADESEER — This is a Telegram wallet tracking bot that has wallet creation functionality with encrypted private key storage in SQLite, but the matched file is only a test script that creates temporary test databases and cleans them up — no actual committed credentials or sensitive data. [05:08:36] [39/46] Analyzing Amith-Abey-Stephen/Ducoin... [05:08:39] [37/46] SKIP stevedylandev/flow-wallet-api — This is a Flow blockchain wallet API service that properly uses environment variables for all sensitive configuration. No accidentally committed credentials or sensitive data found. [05:08:39] [40/46] Analyzing JoepMulder/trustchain-superapp... [05:08:42] [38/46] SKIP joyboyz2025/Flow-Walletness — This is a Flow blockchain wallet API service that properly uses environment variables for all sensitive configuration. No accidentally committed credentials or sensitive data found. [05:08:42] [41/46] Analyzing Krakaw/tari-wallet... [05:08:46] [39/46] SKIP Amith-Abey-Stephen/Ducoin — This is a fork/copy of the Duino-Coin wallet GUI application that stores username and base64-encoded passwords in a local SQLite database, but it's not accidentally committed credentials - it's the application's designed behavior for a toy/educational cryptocurrency. [05:08:46] [42/46] Analyzing chives-network/Chivescoin... [05:08:48] [40/46] SKIP JoepMulder/trustchain-superapp — This is a TU Delft academic research project (TrustChain Super App) that uses SQLite for P2P networking data storage. It generates keys at runtime and stores them in Android SharedPreferences — no actual credentials or private keys are committed to the repository. [05:08:48] [43/46] Analyzing AetherCore-Dev/ag402... [05:08:52] [41/46] SKIP Krakaw/tari-wallet — This is a legitimate open-source Tari wallet library implementation with proper security practices. No accidentally committed credentials, private keys, seed phrases, or sensitive data were found. [05:08:52] [44/46] Analyzing nexusosdaily-code/WNSP-P2P-Hub... [05:08:56] [42/46] SKIP chives-network/Chivescoin — This is the Chivescoin blockchain source code (a Chia fork) with masternode functionality. The code references private keys through RPC client calls to a local wallet service, not hardcoded or accidentally committed credentials. [05:08:56] [45/46] Analyzing DavidBuchanan314/duino-coin-fork... [05:08:57] [43/46] SKIP AetherCore-Dev/ag402 — Ag402 is a payment engine for AI agents using the x402 protocol on Solana. It's a well-structured open-source tool with proper security practices, not a project with accidentally committed credentials. [05:08:57] [46/46] Analyzing Ecoriap/M-Coin... [05:09:04] [45/46] SKIP DavidBuchanan314/duino-coin-fork — This is a fork of Duino-Coin, an open-source cryptocurrency project. The wallet.db is created locally at runtime to store user credentials — no actual committed database with private keys or credentials exists in the repo. [05:09:05] [44/46] SKIP nexusosdaily-code/WNSP-P2P-Hub — This is a wallet project that stores encrypted private keys in SQLite, but there are no actual committed credentials, databases with real data, or hardcoded secrets — it's source code only with proper encryption and env var patterns. [05:09:08] [46/46] SKIP Ecoriap/M-Coin — This is a fork/copy of the Duino-Coin wallet, which is an open-source cryptocurrency GUI wallet. It stores usernames and base64-encoded passwords in a local SQLite database, but there are no accidentally committed credentials, seed phrases, private keys, or sensitive data in the repository. [05:09:08] Searching: "sqlite wallet backup recovery seed" [05:09:11] Page 1: +100 items, 82 repos total [05:09:17] Found 82 repos (51 new, 31 already seen) [05:09:17] [1/51] Analyzing hyperledger-indy/indy-hipe... [05:09:17] [2/51] Analyzing canaltunoz/KeikoWallet... [05:09:17] [3/51] Analyzing atlemagnussen/nixos... [05:09:24] [3/51] SKIP atlemagnussen/nixos — This is a NixOS system configuration repository with documentation about lightning node backup procedures. It does not contain any actual credentials, private keys, or wallet data. [05:09:24] [4/51] Analyzing wdadwa3214234/awdaw... [05:09:27] [1/51] SKIP hyperledger-indy/indy-hipe — This is a Hyperledger Indy project enhancement proposals (RFCs) repository that discusses identity wallet architecture and design specifications. It contains no actual code, credentials, or sensitive data. [05:09:27] [5/51] Analyzing hexdaemon/hex... [05:09:28] [2/51] SKIP canaltunoz/KeikoWallet — This is a well-designed Flutter cryptocurrency wallet project with proper security architecture (AES-256-GCM, Argon2id KDF, encrypted SQLite storage). No accidentally committed credentials or sensitive data were found. [05:09:28] [6/51] Analyzing emacs-ng/emacs-ng... [05:09:35] [6/51] SKIP emacs-ng/emacs-ng — This is emacs-ng, a fork of GNU Emacs with added features like TypeScript and WebRender. It has no relation to crypto wallets or credentials. [05:09:35] [7/51] Analyzing SiaFoundation/hostd... [05:09:36] [5/51] SKIP hexdaemon/hex — This is an AI agent identity/memory system for a Lightning network advisor bot, not a crypto wallet project with accidentally committed credentials. [05:09:36] [8/51] Analyzing adon90/pentest_compilation... [05:09:36] [4/51] SKIP wdadwa3214234/awdaw — This is a malware/stealer script disguised as a 'data_backup_tool' that searches for and exfiltrates crypto wallet data, seed phrases, and private keys from victims' computers. It is not a wallet project with accidentally committed credentials. [05:09:36] [9/51] Analyzing edoardottt/scilla... [05:09:43] [9/51] SKIP edoardottt/scilla — This is an information gathering/security scanning tool (DNS/subdomain/port/directory enumeration) with no relation to crypto wallets or credentials. [05:09:43] [10/51] Analyzing FromHDDtoSSD/SorachanCoin-qt... [05:09:44] [8/51] SKIP adon90/pentest_compilation — This is a penetration testing cheat sheet/command compilation repository, not a crypto wallet project. [05:09:44] [11/51] Analyzing henshin/filebuster... [05:09:44] [7/51] SKIP SiaFoundation/hostd — This is the official Sia Foundation host daemon (hostd) - a legitimate, well-maintained open-source project that properly handles wallet seeds via environment variables and config files, with no accidentally committed credentials. [05:09:44] [12/51] Analyzing animicaorg/all... [05:09:52] [11/51] SKIP henshin/filebuster — This is a web fuzzing/content discovery tool (Filebuster) with wordlists for directory brute-forcing. The match on 'wallet' and 'wallet.dat' is simply a dictionary entry in a fuzzing wordlist. [05:09:52] [13/51] Analyzing reb311ion/replica... [05:09:54] [10/51] SKIP FromHDDtoSSD/SorachanCoin-qt — This is the SorachanCoin blockchain wallet source code repository. It contains wallet database handling code (walletdb.cpp) but no accidentally committed credentials, private keys, seed phrases, or sensitive data. [05:09:54] [14/51] Analyzing pocketnetteam/pocketnet.core... [05:09:55] [12/51] SKIP animicaorg/all — This is a blockchain platform (Animica L1) with operational documentation about backup procedures for keys and databases — it does not contain any accidentally committed credentials or sensitive data. [05:09:55] [15/51] Analyzing snight1983/chia-rosechain... [05:10:02] [13/51] SKIP reb311ion/replica — This is a Ghidra reverse engineering analysis enhancer tool, not a crypto wallet project. It contains cryptographic algorithm constants (DES, CRC32, AES S-boxes, etc.) used for identifying crypto in binary analysis, not wallet credentials. [05:10:02] [16/51] Analyzing xing-hu/EMSE-DeepCom... [05:10:03] [15/51] SKIP snight1983/chia-rosechain — This is a fork of the Chia blockchain (a cryptocurrency project called ChiaRose/XCR), containing standard blockchain source code and changelog. It does not contain any accidentally committed credentials, private keys, or sensitive data. [05:10:03] [17/51] Analyzing SiaFoundation/renterd... [05:10:03] [14/51] SKIP pocketnetteam/pocketnet.core — This is the Pocketnet Core blockchain node software (a Bitcoin-like full node). It uses SQLite for wallet storage as part of its build system, but contains no accidentally committed credentials, private keys, or sensitive data. [05:10:03] [18/51] Analyzing ResearchandDestroy/DorXNG... [05:10:11] [17/51] SKIP SiaFoundation/renterd — This is the official Sia Foundation renter daemon (renterd), a decentralized cloud storage client. It does not contain any accidentally committed credentials or sensitive data. [05:10:11] [19/51] Analyzing raingggg/coctohug... [05:10:11] [16/51] SKIP xing-hu/EMSE-DeepCom — This is a dataset repository for a deep learning code comment generation research paper (EMSE-DeepCom). It contains a list of GitHub project names used for training data, not any wallet software or credentials. [05:10:11] [20/51] Analyzing cvv2com/cvv2com-card-coinwallet-photo-logging... [05:10:11] [18/51] SKIP ResearchandDestroy/DorXNG — DorXNG is an OSINT/Google dorking tool that uses search engine operators to find exposed data on the internet. It is not a crypto wallet project and contains no credentials. [05:10:11] [21/51] Analyzing ChainGreenOrg/chaingreen-blockchain... [05:10:18] [21/51] SKIP ChainGreenOrg/chaingreen-blockchain — This is the ChainGreen blockchain project, a fork of Chia blockchain. It is a full blockchain implementation, not a wallet project with accidentally committed credentials. [05:10:18] [22/51] Analyzing RickyDane/CoDriver... [05:10:20] [20/51] SKIP cvv2com/cvv2com-card-coinwallet-photo-logging — This is an OCR-based image scanner tool designed to detect credit card numbers, crypto wallet seed phrases, and other sensitive information in photos. It is NOT a wallet project and does not contain any accidentally committed credentials. [05:10:20] [23/51] Analyzing yiheng98/ProfMal... [05:10:21] [19/51] SKIP raingggg/coctohug — Coctohug is a Chia blockchain fork mining management tool. It does not contain any accidentally committed credentials, private keys, or sensitive data. [05:10:21] [24/51] Analyzing tanmayb123/DeepSPADE... [05:10:26] [22/51] SKIP RickyDane/CoDriver — This is a file explorer application (CoDriver) built with Rust/Tauri. The match is only on a file extensions dictionary that lists 'SQLite' as a known file extension. [05:10:26] [25/51] Analyzing hulatang/ceres-combineharvester... [05:10:28] [23/51] SKIP yiheng98/ProfMal — ProfMal is a security tool for detecting malicious NPM packages using static and dynamic analysis. It does not contain any wallet code, committed credentials, or sensitive data. [05:10:28] [26/51] Analyzing psypersky/Bitcoin-Payments... [05:10:28] [24/51] SKIP tanmayb123/DeepSPADE — This is a spam detection dataset repository containing training data for a deep learning spam classifier. It has no relation to cryptocurrency wallets or credentials. [05:10:28] [27/51] Analyzing denisio/seno-blockchain... [05:10:35] [26/51] SKIP psypersky/Bitcoin-Payments — This is a Bitcoin payment processor API design/specification project. It contains no actual committed credentials, private keys, databases, or sensitive data. [05:10:35] [28/51] Analyzing jooray/cashupayserver... [05:10:36] [25/51] SKIP hulatang/ceres-combineharvester — This is a Chia blockchain farming tool (combine harvester for multiple Chia forks), not a crypto wallet project with committed credentials. [05:10:36] [29/51] Analyzing Igalia/epiphany-gnomeos... [05:10:37] [27/51] SKIP denisio/seno-blockchain — This is a fork of the Chia blockchain (a cryptocurrency farming/plotting project), not a wallet project with accidentally committed credentials or sensitive data. [05:10:37] [30/51] Analyzing Whitefox980/bitcoin1... [05:10:43] [29/51] SKIP Igalia/epiphany-gnomeos — This is the GNOME Epiphany web browser project, not a cryptocurrency wallet. The SQLite mention refers to browser history storage. [05:10:43] [31/51] Analyzing Flora-Network/flora-blockchain_old... [05:10:46] [28/51] SKIP jooray/cashupayserver — This is an open-source Lightning payment gateway using Cashu mints. The seed_phrase is read from a store configuration at runtime — it's not hardcoded or accidentally committed. [05:10:46] [32/51] Analyzing circuit777/ChatGPT-fuzz.txt... [05:10:46] [30/51] SKIP Whitefox980/bitcoin1 — This is a forum crawler/scraper designed to find and harvest Bitcoin addresses and password hints from public forums — it is NOT a wallet project with accidentally committed credentials. [05:10:46] [33/51] Analyzing maverickNerd/wordlists... [05:10:51] [31/51] SKIP Flora-Network/flora-blockchain_old — This is a fork of Chia blockchain (Flora Network) containing standard blockchain source code and a changelog. There are no accidentally committed credentials, private keys, seed phrases, or sensitive data. [05:10:51] [34/51] Analyzing sensei-hacker/password-dog... [05:10:53] [33/51] SKIP maverickNerd/wordlists — This is a repository containing wordlists for fuzzing/security testing, not a crypto wallet project. [05:10:53] [35/51] Analyzing Taco-Network/taco-blockchain... [05:10:56] [32/51] SKIP circuit777/ChatGPT-fuzz.txt — This is a fuzzing wordlist (fuzz.txt) generated by ChatGPT containing common filenames for web directory brute-forcing. It contains no actual credentials, wallet code, or sensitive data. [05:10:56] [36/51] Analyzing AbdelStark/zashu... [05:11:00] [34/51] SKIP sensei-hacker/password-dog — This is a password strength meter/filter tool that tests passwords against real cracking attacks. It has nothing to do with crypto wallets or credentials. [05:11:00] [37/51] Analyzing Kale-Network/kale-blockchain... [05:11:01] [35/51] SKIP Taco-Network/taco-blockchain — Taco-blockchain is a Chia fork (proof-of-space cryptocurrency blockchain). It mentions SQLite and wallet functionality in its changelog but contains no accidentally committed credentials, private keys, or sensitive data. [05:11:01] [38/51] Analyzing Olive-blockchain/Olive-blockchain... [05:11:06] [36/51] SKIP AbdelStark/zashu — Zashu is an experimental Zcash-backed Cashu mint project (testnet only) with SQLite persistence, but contains no accidentally committed credentials or sensitive data. [05:11:06] [39/51] Analyzing PurCL/ASTRA... [05:11:09] [37/51] SKIP Kale-Network/kale-blockchain — This is a fork of Chia blockchain (proof-of-space cryptocurrency) called Kale. It is not a wallet project with accidentally committed credentials or sensitive data. [05:11:09] [40/51] Analyzing DJjjjhao/FIRA-ICSE... [05:11:09] [38/51] SKIP Olive-blockchain/Olive-blockchain — This is a Chia blockchain fork (Olive blockchain) - a proof-of-space-and-time cryptocurrency project. It does not contain any accidentally committed credentials, private keys, or sensitive data. [05:11:09] [41/51] Analyzing musa-42/Zap_lnbot... [05:11:13] [39/51] SKIP PurCL/ASTRA — This is an AI red-teaming/safety research tool that won Amazon's Nova AI Challenge. It has nothing to do with crypto wallets or accidentally committed credentials. [05:11:13] [42/51] Analyzing Ringbo/CCT5... [05:11:19] [40/51] SKIP DJjjjhao/FIRA-ICSE — This is an academic research paper replication package for automated commit message generation (ICSE 2022), not a crypto wallet project. [05:11:19] [43/51] Analyzing t43Wiu6/blackJack-Dicts... [05:11:20] [42/51] SKIP Ringbo/CCT5 — This is a code-change-oriented pre-trained model (CCT5) for software engineering research tasks like commit message generation and defect prediction. It has no relation to crypto wallets or credentials. [05:11:20] [44/51] Analyzing BTCgreen-Network/btcgreen-blockchain... [05:11:22] [41/51] MAYBE musa-42/Zap_lnbot — Bitcoin Lightning wallet Telegram bot that stores mnemonic seed phrases in a local SQLite database (db-bot.sqlite) committed alongside source code, with potential for the database file containing real wallet seeds to be committed. [05:11:22] [45/51] Analyzing Maize-Network/maize-blockchain... [05:11:26] [43/51] SKIP t43Wiu6/blackJack-Dicts — This is a directory/file wordlist dictionary for web fuzzing and brute-forcing, not a crypto wallet project. [05:11:26] [46/51] Analyzing Cactus-Network/cactus-blockchain... [05:11:28] [44/51] SKIP BTCgreen-Network/btcgreen-blockchain — This is the BTCgreen blockchain full node software (a Chia fork). It is a blockchain infrastructure project, not a wallet project with accidentally committed credentials. [05:11:28] [47/51] Analyzing 0xlipon/payloads... [05:11:31] [45/51] SKIP Maize-Network/maize-blockchain — This is a fork of Chia blockchain (called Maize) - a full blockchain node/farmer/wallet software project. It contains no accidentally committed credentials, private keys, or sensitive data. [05:11:31] [48/51] Analyzing Grumpified-OGGVCT/NostrGator... [05:11:34] [46/51] SKIP Cactus-Network/cactus-blockchain — This is the Cactus blockchain node software (a Chia fork), not a wallet project with accidentally committed credentials or sensitive data. [05:11:34] [49/51] Analyzing chiabluepool/bluepool... [05:11:34] [47/51] SKIP 0xlipon/payloads — This is a collection of fuzzing wordlists/payloads for security testing, not a crypto wallet project. [05:11:34] [50/51] Analyzing tech234a/annotation-urls... [05:11:39] [48/51] SKIP Grumpified-OGGVCT/NostrGator — NostrGator is a Nostr relay infrastructure project with Lightning wallet integration via Alby Hub. It does not contain any accidentally committed credentials, private keys, seed phrases, or sensitive data. [05:11:39] [51/51] Analyzing Thyme-Network/thyme-blockchain... [05:11:41] [50/51] SKIP tech234a/annotation-urls — This repository contains URLs extracted from the YouTube annotations archive — it is simply a collection of links, not a crypto wallet project. [05:11:42] [49/51] SKIP chiabluepool/bluepool — This is a Chia cryptocurrency pooling protocol (Bluepool) built on top of Chia-Blockchain. It contains no accidentally committed credentials, private keys, or sensitive data. [05:11:47] [51/51] SKIP Thyme-Network/thyme-blockchain — This is a fork of Chia blockchain (a proof-of-space cryptocurrency). It's a full blockchain node/farmer project, not a wallet handling real crypto funds with accidentally committed credentials. [05:11:47] Searching: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 supabase.co telegram wallet bot send" [05:11:50] Page 1: +80 items, 61 repos total [05:11:50] Found 61 repos (61 new, 0 already seen) [05:11:50] [1/61] Analyzing webapp342/waitlist... [05:11:50] [2/61] Analyzing KANAGARAJ-M/PythonBOTS_Telegram... [05:11:50] [3/61] Analyzing Arthu133/cripto-base-advisor-bot... [05:12:01] [3/61] SKIP Arthu133/cripto-base-advisor-bot — This is a crypto advisory Telegram bot (not a wallet) that has a hardcoded Supabase anon key as a fallback, but it does not handle any real crypto funds, private keys, or wallet operations. [05:12:01] [4/61] Analyzing ubaliringim/airtimedatahub... [05:12:03] [1/61] SKIP webapp342/waitlist — This is a BSC Testnet waitlist/referral platform with Telegram and Discord bots, not a crypto wallet project handling real funds. The hardcoded Supabase credentials are real but the project doesn't store private keys or handle actual crypto wallets. [05:12:03] [5/61] Analyzing lyhoanghaiceobmcgroup/ran-40nq-menu-order... [05:12:04] [2/61] MATCH KANAGARAJ-M/PythonBOTS_Telegram — Telegram bot for a crypto airdrop/wallet scheme with hardcoded Supabase credentials and Telegram bot token committed directly in source code. The bot collects user BNB wallet addresses and processes withdrawals via Supabase. [05:12:04] [6/61] Analyzing enaya12q/samrt_coin_bot... [05:12:08] [4/61] SKIP ubaliringim/airtimedatahub — This is an airtime/data hub Telegram bot with hardcoded Supabase and Telegram bot credentials, but it is NOT a crypto wallet project. [05:12:08] [7/61] Analyzing basharmestrih/Subscriptions-Manager-Bot... [05:12:13] [5/61] SKIP lyhoanghaiceobmcgroup/ran-40nq-menu-order — This is a restaurant/food menu ordering app with a loyalty points ('RAN Token') system — not a crypto wallet project handling real cryptocurrency funds. [05:12:13] [8/61] Analyzing Dpkaction/gacurrency... [05:12:16] [6/61] MATCH enaya12q/samrt_coin_bot — Telegram bot crypto wallet project with hardcoded Supabase service role key, Telegram Bot Token, and Telegram API ID committed directly in source code. [05:12:16] [9/61] Analyzing ethpanda-org/ETHShanghai-2025... [05:12:18] [7/61] SKIP basharmestrih/Subscriptions-Manager-Bot — This is a Telegram subscription manager bot with hardcoded Supabase and payment API credentials, but it is NOT a crypto wallet project — it's a subscription/membership bot that uses crypto payments. [05:12:18] [10/61] Analyzing pranavkdileep/All-In-One-AirDrop-Claimer... [05:12:22] [8/61] MATCH Dpkaction/gacurrency — A crypto wallet project (GSC/VAGS blockchain wallet) with accidentally committed Supabase credentials and Telegram bot token hardcoded directly in DEPLOYMENT.md. [05:12:22] [11/61] Analyzing MarxMad/CriptoUNAM-Website... [05:12:28] [10/61] SKIP pranavkdileep/All-In-One-AirDrop-Claimer — This is an airdrop/tap-to-earn bot claimer that automates claiming rewards from various Telegram mini-games (Hamster Kombat, TapSwap, Seed, etc.), not a crypto wallet project handling real funds. [05:12:28] [12/61] Analyzing HEMONY/SMAER_PROJECT... [05:12:29] [9/61] MATCH ethpanda-org/ETHShanghai-2025 — A hackathon project (PayWay) has accidentally committed real Supabase credentials, a SendGrid API key, and most critically a platform wallet private key that controls fund releases from an escrow smart contract handling USDT payments. [05:12:29] [13/61] Analyzing aiagentra-ctrl/ugtopup... [05:12:35] [11/61] SKIP MarxMad/CriptoUNAM-Website — This is an educational blockchain platform (CriptoUNAM) for a university community, not a crypto wallet project that handles real funds. While it has accidentally committed credentials (Supabase anon key, Resend API key, Telegram bot token), it is not a wallet project storing/sending/receiving crypto funds or private keys. [05:12:35] [14/61] Analyzing fpresta0607/PolyBot... [05:12:38] [13/61] SKIP aiagentra-ctrl/ugtopup — This is a gaming top-up/credits platform (Free Fire diamonds, etc.) with an exposed Supabase anon key, but it is NOT a crypto wallet project. [05:12:38] [15/61] Analyzing wxfvwzxsq4-ship-it/flpy-game... [05:12:40] [12/61] MAYBE HEMONY/SMAER_PROJECT — A Telegram bot crypto wallet project ('Smart Coin') with hardcoded Supabase credentials and Telegram bot tokens directly in source code. The project involves TON wallet integration, mining, and digital card purchases. [05:12:40] [16/61] Analyzing tr1h/huma-chain-xyz... [05:12:44] [14/61] SKIP fpresta0607/PolyBot — This is a Polymarket copy-trading bot, not a crypto wallet project. All credentials shown are placeholders in documentation/guide files, not accidentally committed real secrets. [05:12:44] [17/61] Analyzing stuart5915/suitegpt... [05:12:49] [15/61] SKIP wxfvwzxsq4-ship-it/flpy-game — This is a Flappy Bird clone game with crypto reward features, not a wallet project. The Supabase key exposed is a public anonymous (anon) key, which is designed to be client-facing. [05:12:49] [18/61] Analyzing mateusin06/btc-5m... [05:12:54] [16/61] MAYBE tr1h/huma-chain-xyz — A Solana Tamagotchi game with Telegram bot that has hardcoded Supabase anon keys committed in multiple PHP files and an old admin HTML backup, though this is a game project rather than a pure crypto wallet project. [05:12:54] [19/61] Analyzing affaan-m/stoictradingAI... [05:12:58] [17/61] SKIP stuart5915/suitegpt — This is an AI app ecosystem platform (SUITE) with various productivity/health/finance apps. The Supabase key found is a public anonymous key, not a sensitive credential, and this is not a crypto wallet project handling real funds. [05:12:58] [20/61] Analyzing sugartrades/sugar-flow-academy... [05:13:03] [18/61] MATCH mateusin06/btc-5m — Polymarket trading bot with hardcoded Supabase credentials (anon key AND service role key) and a payment wallet address committed directly in source code. The bot handles crypto trading credentials including private keys stored in Supabase. [05:13:03] [21/61] Analyzing zsyborg/clicker... [05:13:09] [20/61] SKIP sugartrades/sugar-flow-academy — This is a crypto whale alert/trading academy project that exposes a Supabase anon key, but it is NOT a wallet project handling private keys or funds. [05:13:09] [22/61] Analyzing 12345Shahid/info... [05:13:14] [21/61] SKIP zsyborg/clicker — This is a Solana clicker game (not a wallet project) with accidentally committed MongoDB and Supabase credentials, but it does not handle real crypto funds, private keys, or wallet operations. [05:13:14] [23/61] Analyzing rpgls-cybersec/rpgls-edl-host... [05:13:14] [19/61] MATCH affaan-m/stoictradingAI — Autonomous Solana trading bot with real, accidentally committed credentials including Solana private keys, Supabase credentials, OpenAI API keys, Groq API keys, Twitter credentials, and database passwords — all in a committed .env file. [05:13:14] [24/61] Analyzing annachou5566/wave-alpha... [05:13:28] [22/61] SKIP 12345Shahid/info — This is a project planning document for a Halal AI chat assistant web app, not a crypto wallet project. It contains an accidentally committed Hugging Face API key but no crypto wallet credentials. [05:13:28] [25/61] Analyzing VinzSenzoo/HerafiAutoBot-NTE... [05:13:30] [24/61] SKIP annachou5566/wave-alpha — This is a crypto tournament volume tracker / market data dashboard, not a wallet project that handles private keys or real crypto funds. [05:13:30] [26/61] Analyzing ARTEMKOPIK/-... [05:13:31] [23/61] SKIP rpgls-cybersec/rpgls-edl-host — This is a cybersecurity External Dynamic List (EDL) repository for Palo Alto Prisma Access firewall, containing lists of malicious URLs/IOCs for blocking — not a crypto wallet project. [05:13:31] [27/61] Analyzing ARTEMKOPIK/max-or-whatsapp-progrev... [05:13:40] [26/61] SKIP ARTEMKOPIK/- — This is a WhatsApp account warming/automation Telegram bot with hardcoded Supabase and Crypto Pay credentials, but it is NOT a crypto wallet project handling private keys or funds storage. [05:13:40] [28/61] Analyzing anthonysurfermx/defi-mexico-hub... [05:13:40] [27/61] SKIP ARTEMKOPIK/max-or-whatsapp-progrev — This is a WhatsApp/Max warming (прогрев) Telegram bot service with hardcoded Supabase, Telegram bot, and Crypto Pay API credentials — but it is NOT a crypto wallet project. [05:13:40] [29/61] Analyzing Misconnecting/Rezilan... [05:13:42] [25/61] MATCH VinzSenzoo/HerafiAutoBot-NTE — A Telegram bot for automated DeFi swaps on HeraFI testnet that contains hardcoded Supabase API keys (JWT anon tokens) used to report transactions to a Supabase backend. [05:13:42] [30/61] Analyzing toktok-oficial/TOKTOK-APK-OFICIAL... [05:13:50] [29/61] SKIP Misconnecting/Rezilan — This is a crypto communication/social platform for meme coin communities, NOT a wallet project. It contains a Supabase anon key which is designed to be public. [05:13:50] [31/61] Analyzing Started-dev/started-ide... [05:13:51] [28/61] SKIP anthonysurfermx/defi-mexico-hub — This is a DeFi trading room/AI agent project with a hardcoded Supabase anon key, but it's not a wallet project storing private keys or seed phrases. [05:13:51] [32/61] Analyzing Reoneo/vanity-box... [05:13:52] [30/61] SKIP toktok-oficial/TOKTOK-APK-OFICIAL — This is a gaming recharge/digital wallet app (TokTok Wallet) for purchasing game diamonds and mobile recharges using Bolivian currency (Bs), not a crypto wallet project handling real cryptocurrency funds. [05:13:52] [33/61] Analyzing fikriaf/ordo... [05:13:59] [32/61] SKIP Reoneo/vanity-box — This is a Web3 profile/identity aggregation UI (ENS, IOTA names, etc.), not a crypto wallet project that stores or handles private keys, seed phrases, or funds. [05:13:59] [34/61] Analyzing Ahmed-Agent/NOLA... [05:14:01] [31/61] SKIP Started-dev/started-ide — This is a cloud-based AI coding IDE (Started IDE) with MCP integrations for various services. It is not a crypto wallet project and contains no accidentally committed credentials. [05:14:01] [35/61] Analyzing bybitinv/Ganhos-Bybit... [05:14:03] [33/61] SKIP fikriaf/ordo — This is a documentation/implementation guide for an AI assistant called 'Ordo' that integrates Solana blockchain tools. It contains no actual code, no committed databases, and no real credentials. [05:14:03] [36/61] Analyzing Henry2505/Bullionexchange... [05:14:10] [34/61] SKIP Ahmed-Agent/NOLA — This is a DEX (decentralized exchange) frontend UI project, not a wallet project that stores private keys. The Supabase key exposed is an 'anon' public key used for client-side chat functionality. [05:14:10] [37/61] Analyzing Wings-UK/MistyNote... [05:14:10] [36/61] SKIP Henry2505/Bullionexchange — This is a Forex trading website admin panel (Bullion Exchange), not a crypto wallet project. It contains empty form fields for payment settings but no actual committed credentials or sensitive data. [05:14:10] [38/61] Analyzing supremeamerapplication/SupremeAmer-Affiliate-Network... [05:14:11] [35/61] SKIP bybitinv/Ganhos-Bybit — This is a Bybit earnings/investment platform frontend (likely a scam or MLM site), not a crypto wallet project handling private keys or seed phrases. [05:14:11] [39/61] Analyzing Bybit000/ganhos-bybit... [05:14:19] [37/61] SKIP Wings-UK/MistyNote — MistyNote is a social media platform for Africa (buy/sell/connect), not a crypto wallet project. The Supabase anon key exposed is a public client-side key by design. [05:14:19] [40/61] Analyzing HEMONY/smart_en... [05:14:20] [38/61] SKIP supremeamerapplication/SupremeAmer-Affiliate-Network — This is an affiliate network web application with a wallet UI tab, but the provided code is purely frontend HTML/CSS with no committed credentials, private keys, databases, or sensitive data. [05:14:20] [41/61] Analyzing Sirriiv/Nemex-mining-app... [05:14:23] [39/61] SKIP Bybit000/ganhos-bybit — This is a Bybit earnings/investment platform frontend (likely a scam or MLM site), not a crypto wallet project handling private keys or seed phrases. [05:14:23] [42/61] Analyzing MaksimYurchanka/pump-monitor... [05:14:29] [41/61] SKIP Sirriiv/Nemex-mining-app — This is a landing page / mining dashboard UI for a crypto mining project called 'Nemex'. It contains a Supabase anon key (public client-side key), not a wallet project handling real crypto funds. [05:14:29] [43/61] Analyzing danvoulez/MDs-Reunidos... [05:14:34] [42/61] SKIP MaksimYurchanka/pump-monitor — This is a token monitoring/tracking bot, not a wallet project. The Supabase key shown in the README is a placeholder example with 'XXXXXXXXXX' portions, not a real accidentally committed credential. [05:14:34] [44/61] Analyzing HEMONY/smart-coin_app... [05:14:36] [40/61] MAYBE HEMONY/smart_en — A crypto coin Telegram bot project ('Smart Coin') with hardcoded Supabase credentials, Telegram Bot Token, and Telegram API ID committed directly in source code. The project involves wallet functionality (balances, mining, transactions, TON wallet integration). [05:14:36] [45/61] Analyzing puwka/GiftRush-2.0... [05:14:37] [43/61] SKIP danvoulez/MDs-Reunidos — This repository contains exported ChatGPT conversations in Markdown format about building a mini-contracts/institutional logging app in Portuguese. It has no crypto wallet functionality, no credentials, and no sensitive data. [05:14:37] [46/61] Analyzing hannanpicho-lgtm/website-steadfast... [05:14:45] [44/61] MATCH HEMONY/smart-coin_app — A crypto coin/wallet Telegram app ('smart-coin') with hardcoded Supabase service role key, Telegram Bot Token, and Telegram API ID committed directly in source code. The app generates wallet addresses and stores user wallet data in Supabase. [05:14:45] [47/61] Analyzing omer475/ten-news-website... [05:14:46] [45/61] SKIP puwka/GiftRush-2.0 — This is a Telegram WebApp gift/case-opening game ('GiftRush') with hardcoded Supabase credentials, but it is NOT a crypto wallet project — it deals with virtual in-game currency and digital gifts, not real cryptocurrency funds or private keys. [05:14:46] [48/61] Analyzing Dpkaction/gsc-vags-foundation... [05:14:48] [46/61] SKIP hannanpicho-lgtm/website-steadfast — This is a product submission/commission earnings platform (task-based scam scheme), not a crypto wallet project. The exposed Supabase anon key is for a non-wallet platform. [05:14:48] [49/61] Analyzing Dpkaction/gsassetcurrency... [05:14:54] [47/61] SKIP omer475/ten-news-website — This is an AI-powered news website project, not a crypto wallet project. It contains an accidentally committed Supabase service key, but the project has nothing to do with wallet functionality or handling crypto funds. [05:14:54] [50/61] Analyzing Dpkaction/brasetz... [05:14:56] [48/61] MATCH Dpkaction/gsc-vags-foundation — A GSC blockchain wallet project that has accidentally committed real Supabase credentials and a Telegram bot token directly in the DEPLOYMENT.md file, not as placeholders but as actual production values. [05:14:56] [51/61] Analyzing Dpkaction/gs-currency... [05:14:57] [49/61] MATCH Dpkaction/gsassetcurrency — A crypto wallet project (GSC/VAGS blockchain wallet) with accidentally committed Supabase credentials and a Telegram bot token directly in DEPLOYMENT.md, matching the search criteria for wallet projects with hardcoded sensitive credentials. [05:14:57] [52/61] Analyzing Dpkaction/brasetzgsc... [05:15:04] [50/61] MATCH Dpkaction/brasetz — A blockchain wallet project (GSC/VAGS) that has accidentally committed real Supabase credentials and a Telegram Bot Token directly in DEPLOYMENT.md, handling crypto wallet operations including sending, receiving, and storing private keys. [05:15:04] [53/61] Analyzing Dpkaction/brasetzwabs... [05:15:05] [51/61] MATCH Dpkaction/gs-currency — A crypto wallet project (GSC/VAGS blockchain wallet) that has accidentally committed real Supabase credentials and a Telegram Bot Token directly in DEPLOYMENT.md. [05:15:05] [54/61] Analyzing Dpkaction/brasetzwabsgsc... [05:15:07] [52/61] MATCH Dpkaction/brasetzgsc — A crypto wallet project (GSC blockchain wallet) with real Supabase credentials and a Telegram bot token hardcoded directly in the DEPLOYMENT.md file, matching the search criteria for accidentally committed credentials in wallet projects. [05:15:07] [55/61] Analyzing Dpkaction/brasetzgscwabs... [05:15:14] [53/61] MATCH Dpkaction/brasetzwabs — A blockchain wallet project (GSC/VAGS) that has accidentally committed real Supabase credentials and a Telegram bot token directly in DEPLOYMENT.md, not as placeholders but as actual production values. [05:15:14] [56/61] Analyzing Dpkaction/brasetzfinal... [05:15:15] [54/61] MATCH Dpkaction/brasetzwabsgsc — A blockchain wallet project (GSC/VAGS) that has accidentally committed real Supabase credentials and a Telegram bot token directly in DEPLOYMENT.md, matching the search criteria for wallet projects with leaked credentials. [05:15:15] [57/61] Analyzing Dpkaction/brasetz-final... [05:15:16] [55/61] MATCH Dpkaction/brasetzgscwabs — A blockchain wallet project (GSC/VAGS) that has accidentally committed real Supabase credentials and a Telegram Bot Token directly in DEPLOYMENT.md, rather than using environment variable references. [05:15:16] [58/61] Analyzing Dpkaction/brasetzgsc-final... [05:15:24] [57/61] MATCH Dpkaction/brasetz-final — A crypto wallet project (GSC/VAGS blockchain wallet) with real Supabase credentials and a Telegram bot token hardcoded directly in the DEPLOYMENT.md file, not using environment variables properly. [05:15:24] [59/61] Analyzing Ahmed-Agent/Ahmed-nol... [05:15:25] [56/61] MATCH Dpkaction/brasetzfinal — A blockchain wallet project (GSC/VAGS) that has accidentally committed real Supabase credentials and a Telegram Bot Token directly in the DEPLOYMENT.md file, rather than using environment variables properly. [05:15:25] [60/61] Analyzing Ahmed-Agent/Ahmed-nol-DeX... [05:15:25] [58/61] MATCH Dpkaction/brasetzgsc-final — A crypto wallet project (GSC/VAGS blockchain wallet) with real Supabase credentials and a Telegram bot token hardcoded directly in DEPLOYMENT.md, matching the search criteria for accidentally committed credentials in wallet projects. [05:15:25] [61/61] Analyzing HEMONY/smart_compat_bot... [05:15:37] [59/61] MAYBE Ahmed-Agent/Ahmed-nol — A DeFi token swap platform (NOLA Exchange) with hardcoded Supabase credentials (URL and anon key) committed directly in an HTML file, connected to what appears to be a real crypto wallet/exchange project. [05:15:37] [61/61] MATCH HEMONY/smart_compat_bot — A crypto coin Telegram bot project ('Smart Coin') with hardcoded Supabase service role key, Telegram Bot Token, and Telegram API ID directly in source code. The project handles wallet addresses, mining, and digital card purchases. [05:15:37] [60/61] MAYBE Ahmed-Agent/Ahmed-nol-DeX — A DeFi token swap platform (NOLA Exchange) with hardcoded Supabase credentials (URL and API key) committed directly in an HTML file, though it's a DEX frontend rather than a traditional wallet project. [05:15:37] Searching: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 supabase.co payment wallet gateway crypto" [05:15:39] Page 1: +27 items, 24 repos total [05:15:39] Found 24 repos (22 new, 2 already seen) [05:15:39] [1/22] Analyzing leadpoet/leadpoet... [05:15:39] [2/22] Analyzing intruvurt-labs/v3min8e... [05:15:39] [3/22] Analyzing zakirullah/shibalab... [05:15:47] [1/22] SKIP leadpoet/leadpoet — This is a Bittensor subnet for AI-powered lead generation (sales prospects), not a crypto wallet project. It does not handle private keys, seed phrases, or crypto funds. [05:15:47] [4/22] Analyzing rohcodes4/conclave-crypto-vision... [05:15:50] [2/22] MATCH intruvurt-labs/v3min8e — Repository contains a committed markdown file with what appear to be real API keys and credentials for a crypto/blockchain platform including Telegram bot tokens, Supabase credentials, JWT secrets, encryption keys, Helius RPC API keys, and Solana payment wallet addresses. [05:15:50] [5/22] Analyzing antimoneylaundring/filemerger... [05:15:51] [3/22] MATCH zakirullah/shibalab — A SHIB crypto mining/investment platform with hardcoded Supabase credentials (including service_role key) committed directly in source code and .env.example, along with admin credentials and a platform wallet address. [05:15:51] [6/22] Analyzing kevinorin/empires... [05:15:57] [4/22] SKIP rohcodes4/conclave-crypto-vision — This is a Lovable-generated crypto portfolio/market tracking UI app, not a wallet project that handles private keys or real crypto funds. The Supabase anon key found is commented out and is a public client-side key. [05:15:57] [7/22] Analyzing krigrv/pos-mobile... [05:16:00] [5/22] SKIP antimoneylaundring/filemerger — This is an anti-money laundering file merger tool that processes UPI/banking/crypto transaction data for fraud investigation, not a crypto wallet project handling real funds. [05:16:00] [8/22] Analyzing ufuomasamson/unair... [05:16:02] [6/22] MATCH kevinorin/empires — This game development repository has accidentally committed real Supabase credentials including the database URL with password and the anon key in a markdown planning document. [05:16:02] [9/22] Analyzing glennsantos/dotload... [05:16:07] [7/22] SKIP krigrv/pos-mobile — This is a Point of Sale (POS) system for restaurants/retail, not a crypto wallet project. The Supabase credentials appear real but are committed in a non-wallet context. [05:16:07] [10/22] Analyzing GIBRILmadak/XERA... [05:16:10] [8/22] SKIP ufuomasamson/unair — This is a flight booking application (United Airlines clone), not a crypto wallet project. While it has hardcoded Supabase credentials and a 'crypto_wallets' table reference, it's a flight booking app with payment processing, not a wallet managing crypto private keys. [05:16:10] [11/22] Analyzing jeanfrancois360/dluxes-ecommerce... [05:16:13] [9/22] SKIP glennsantos/dotload — This is a digital product marketplace (not a crypto wallet) built with Next.js/Supabase. It sells digital goods like courses and templates, not crypto assets. [05:16:13] [12/22] Analyzing devsmomentum/Juego_QR... [05:16:18] [10/22] SKIP GIBRILmadak/XERA — This is a project tracking/monetization platform (XERA) with hardcoded Supabase and MaishaPay payment credentials, but it is NOT a crypto wallet project handling private keys, seed phrases, or crypto funds. [05:16:18] [13/22] Analyzing leothatguy/wallet-service... [05:16:18] [11/22] SKIP jeanfrancois360/dluxes-ecommerce — This is an e-commerce platform (NextPik) for luxury products, not a crypto wallet project. The Supabase credentials shown are truncated examples in documentation, not real leaked credentials. [05:16:18] [14/22] Analyzing Krishnav1/windsurf-project... [05:16:20] [12/22] SKIP devsmomentum/Juego_QR — This is a QR-based real-life RPG game (MapHunter) built with Flutter and Supabase. It has nothing to do with crypto wallets, private keys, or cryptocurrency. [05:16:20] [15/22] Analyzing ufuomasamson/danoairways... [05:16:26] [13/22] SKIP leothatguy/wallet-service — This is a fiat wallet service (Paystack/NGN) with proper env var usage and placeholder credentials in documentation. It is not a crypto wallet project and contains no accidentally committed secrets. [05:16:26] [16/22] Analyzing dakshtandel-9/Sanjari... [05:16:30] [15/22] SKIP ufuomasamson/danoairways — This is a flight booking application (airline), not a crypto wallet project. It has hardcoded Supabase anon key as a fallback, but this is not a wallet handling crypto funds. [05:16:30] [17/22] Analyzing howkoz/payments... [05:16:31] [14/22] MATCH Krishnav1/windsurf-project — Asset tokenization platform with real Supabase credentials, a deployer wallet private key, Razorpay keys, Resend API key, and Pinata API keys all committed in .env.example — a blockchain/wallet project handling token issuance and trading on Polygon. [05:16:31] [18/22] Analyzing Emmanex234/digiBit... [05:16:33] [16/22] SKIP dakshtandel-9/Sanjari — This is an e-commerce platform for herbal hair oil, not a crypto wallet project. It uses Supabase and Razorpay but handles no cryptocurrency or private keys. [05:16:33] [19/22] Analyzing agentminimaxchinarus/fintech-solution... [05:16:38] [17/22] SKIP howkoz/payments — This is a Shopify POS (Point of Sale) pilot project dashboard for retail operations, not a crypto wallet project. It contains a Supabase anon key but this is for a retail dashboard, not crypto funds. [05:16:38] [20/22] Analyzing ufuomasamson/mazoairways... [05:16:39] [18/22] SKIP Emmanex234/digiBit — This is a front-end dashboard HTML file for a crypto investment platform called 'DigiBit Finance'. It contains no committed credentials, private keys, seed phrases, or sensitive data. [05:16:39] [21/22] Analyzing zakirullah/shibalab-mining... [05:16:43] [19/22] SKIP agentminimaxchinarus/fintech-solution — This is a fintech payment platform (not a crypto wallet project) and the Supabase keys shown are placeholder examples in deployment documentation, not real accidentally committed credentials. [05:16:43] [22/22] Analyzing ufuomasamson/mano... [05:16:48] [20/22] SKIP ufuomasamson/mazoairways — This is a flight booking application (airline), not a crypto wallet project. It has hardcoded Supabase anon key as a fallback, but the project handles flight bookings with Paystack/crypto payment options — it does not store, send, or manage crypto private keys or wallet data. [05:16:51] [21/22] MATCH zakirullah/shibalab-mining — Crypto mining/investment platform (ShibaLab) with hardcoded Supabase credentials including the service_role key committed directly in source code and .env.example, along with admin credentials and a platform wallet address. [05:16:51] [22/22] SKIP ufuomasamson/mano — This is a flight booking application (not a crypto wallet project) that has hardcoded Supabase anon keys. It does not handle crypto private keys, seed phrases, or wallet funds. [05:16:51] Searching: "mongodb+srv wallet bot telegram send receive" [05:16:52] Page 1: +48 items, 36 repos total [05:16:52] Found 36 repos (35 new, 1 already seen) [05:16:52] [1/35] Analyzing OxBryte/sui-tracking-bot... [05:16:52] [2/35] Analyzing farrelputra16/caller-bot... [05:16:52] [3/35] Analyzing HikaruHokkyokusei/Lucky-Gates-Bot... [05:17:00] [1/35] MATCH OxBryte/sui-tracking-bot — Telegram bot for tracking SUI blockchain wallet transactions with hardcoded MongoDB credentials and Telegram bot token committed directly in source code. [05:17:00] [4/35] Analyzing aubert-gloire/Escrow-system... [05:17:01] [3/35] SKIP HikaruHokkyokusei/Lucky-Gates-Bot — This is a Telegram game bot ('Lucky Gates') that uses MongoDB and handles game tickets, not a crypto wallet project. MongoDB credentials are properly loaded from environment variables. [05:17:01] [5/35] Analyzing NotoriousBigg/EscrowBot... [05:17:07] [2/35] MATCH farrelputra16/caller-bot — A Solana sniper/caller Telegram bot with hardcoded MongoDB Atlas credentials, Helius API key, and Telegram bot token committed directly in source code. The bot tracks wallet transactions for crypto trading signals. [05:17:07] [6/35] Analyzing DRD8077/jarvis-trading-bot... [05:17:08] [4/35] SKIP aubert-gloire/Escrow-system — This is a crypto escrow Telegram bot project that uses placeholder values for all credentials and follows proper env var configuration patterns. [05:17:08] [7/35] Analyzing yanaksalvo/Hades-Stealer-Bot... [05:17:10] [5/35] MATCH NotoriousBigg/EscrowBot — Telegram escrow bot for crypto transactions with hardcoded MongoDB Atlas credentials committed directly in main.py, connecting to a live database handling real crypto trades. [05:17:10] [8/35] Analyzing HikaruHokkyokusei/RTK-Game-Hoister... [05:17:17] [7/35] SKIP yanaksalvo/Hades-Stealer-Bot — This is an open-source malware/stealer C2 bot — not a crypto wallet project. It steals data including wallet files from victims but does not itself manage, store, or handle crypto funds. [05:17:17] [9/35] Analyzing itsKayumkhan/telegramBot... [05:17:18] [6/35] SKIP DRD8077/jarvis-trading-bot — This is an AI trading bot/Telegram app with placeholder/example credentials in documentation, not a crypto wallet project with accidentally committed real credentials. [05:17:18] [10/35] Analyzing exeempire/InstaBoostPROtest--30... [05:17:19] [8/35] SKIP HikaruHokkyokusei/RTK-Game-Hoister — This is a blockchain gaming bot (Pot Shot / Last Bounty Hunter) that uses Telegram and monitors blockchain transactions, but it properly uses environment variables for MongoDB credentials and does not contain any accidentally committed secrets. [05:17:19] [11/35] Analyzing Ra533-c/Elitemarts_e_commerce... [05:17:27] [9/35] SKIP itsKayumkhan/telegramBot — This is a Telegram bot for a fake 'Paytm Ads' cash reward scam, not a crypto wallet project. While it contains hardcoded MongoDB credentials and a Telegram bot token, it does not handle any cryptocurrency funds, private keys, or wallet functionality. [05:17:27] [12/35] Analyzing Daddyaezzy/Alpha-buybot... [05:17:29] [10/35] SKIP exeempire/InstaBoostPROtest--30 — This is a Social Media Marketing (SMM) panel for Instagram services, not a crypto wallet project. It contains a hardcoded MongoDB connection string but handles no cryptocurrency or private keys. [05:17:29] [13/35] Analyzing Mohsinsiddi/whale-suite... [05:17:29] [11/35] SKIP Ra533-c/Elitemarts_e_commerce — This is an e-commerce store (product massager shop) with accidentally committed credentials (MongoDB URI, Telegram bot token, admin key, webhook secret), but it is NOT a crypto wallet project. [05:17:29] [14/35] Analyzing seneko98/Solove... [05:17:36] [13/35] SKIP Mohsinsiddi/whale-suite — This is a privacy-focused Solana trading platform project specification/hackathon submission. It does not contain any accidentally committed credentials, private keys, or sensitive data. [05:17:36] [15/35] Analyzing dhanbyte/adsearning... [05:17:37] [12/35] SKIP Daddyaezzy/Alpha-buybot — This is a Solana token buy-alert Telegram bot, not a wallet project. It uses environment variables properly for credentials — the MongoDB username 'pulumbu11' is exposed in the connection string template but the password itself comes from an env var. [05:17:37] [16/35] Analyzing SAISURYACHARAN89/Kluxmain... [05:17:39] [14/35] MATCH seneko98/Solove — Telegram dating bot with Solana wallet integration that has hardcoded MongoDB credentials and Telegram bot token committed directly in source code. [05:17:39] [17/35] Analyzing encrypted69-code/ottsonly-web... [05:17:46] [15/35] SKIP dhanbyte/adsearning — This is an ads-earning platform (watch ads, complete tasks, earn money) — not a crypto wallet project. It handles fiat INR payments via UPI/bank transfer, not cryptocurrency. [05:17:46] [18/35] Analyzing CodeWithTaskin/TubePulse... [05:17:46] [16/35] MAYBE SAISURYACHARAN89/Kluxmain — Repository contains a hardcoded MongoDB Atlas connection string with credentials ('mongodb+srv://zlyftyflo:123@klux.ggfrzqf.mongodb.net/') in a crypto-related project that has wallet routes and Telegram integration. [05:17:46] [19/35] Analyzing bilaldakkour/-bily-card... [05:17:48] [17/35] SKIP encrypted69-code/ottsonly-web — This is an OTT streaming platform (OTTSONLY) deployment guide, not a crypto wallet project. It contains only placeholder/template credentials in documentation. [05:17:48] [20/35] Analyzing itzyashh/chat-moderation-system... [05:17:54] [18/35] SKIP CodeWithTaskin/TubePulse — This is a YouTube comment sentiment analysis tool using NLP/ML, not a crypto wallet project. It has no relation to cryptocurrency wallets or credential storage. [05:17:54] [21/35] Analyzing DhanushPrakash6/Boostify-Telegram... [05:17:54] [20/35] SKIP itzyashh/chat-moderation-system — This is a chat moderation system for detecting toxic content and scams, not a crypto wallet project. It has no credentials, private keys, or wallet functionality. [05:17:54] [22/35] Analyzing HikaruHokkyokusei/Crypto-Arbitrage-Bot... [05:17:55] [19/35] SKIP bilaldakkour/-bily-card — This is a gaming top-up platform (not a crypto wallet project) that uses proper environment variable configuration for credentials rather than accidentally committing them. [05:17:55] [23/35] Analyzing HikaruHokkyokusei/Hell-Gates-Bot... [05:18:04] [23/35] SKIP HikaruHokkyokusei/Hell-Gates-Bot — This is a Telegram gaming bot that uses blockchain (Ethereum) for a game, not a crypto wallet project. MongoDB credentials are properly loaded from environment variables, not hardcoded. [05:18:04] [24/35] Analyzing moruklabs/dev-archive... [05:18:06] [21/35] SKIP DhanushPrakash6/Boostify-Telegram — This is a Telegram bot for social media boosting (buying likes/followers with coins), not a crypto wallet project. It contains hardcoded MongoDB and Alchemy API credentials but does not handle private keys, seed phrases, or wallet storage. [05:18:06] [25/35] Analyzing exeempire/InstaBoostPRO-master-testing... [05:18:07] [22/35] MAYBE HikaruHokkyokusei/Crypto-Arbitrage-Bot — Crypto arbitrage Telegram bot that stores wallet private keys in MongoDB and retrieves them at runtime. The MongoDB connection string pattern includes a hardcoded cluster name, and the wallet private key is stored in the database rather than as an environment variable. [05:18:07] [26/35] Analyzing exeempire/InstaBoostPRO-33... [05:18:14] [24/35] SKIP moruklabs/dev-archive — This is an RSS feed archive repository that aggregates GitHub trending project descriptions. It does not contain any wallet project code, credentials, or sensitive data. [05:18:14] [27/35] Analyzing melodic456/telegram_task_admin... [05:18:16] [26/35] SKIP exeempire/InstaBoostPRO-33 — This is a Social Media Marketing (SMM) panel for Instagram services, not a crypto wallet project. It contains a hardcoded MongoDB connection string but handles no cryptocurrency or private keys. [05:18:16] [28/35] Analyzing exeempire/InstaBoostPRO... [05:18:17] [25/35] SKIP exeempire/InstaBoostPRO-master-testing — This is a Social Media Marketing (SMM) panel for selling Instagram followers/likes/views, not a crypto wallet project. It has hardcoded MongoDB and Telegram bot credentials but handles no cryptocurrency whatsoever. [05:18:17] [29/35] Analyzing sammydick22/InventoryPulse-backend... [05:18:26] [29/35] SKIP sammydick22/InventoryPulse-backend — This is an inventory management system (InventoryPulse), not a crypto wallet project. It contains an accidentally committed MongoDB Atlas connection string, but it has nothing to do with cryptocurrency wallets or private keys. [05:18:26] [30/35] Analyzing Soil2Sale/SE-Backend... [05:18:27] [28/35] SKIP exeempire/InstaBoostPRO — This is a Social Media Marketing (SMM) panel for selling Instagram followers/likes, not a crypto wallet project. It contains hardcoded MongoDB and Telegram bot credentials but handles no cryptocurrency funds. [05:18:27] [31/35] Analyzing Janakiraman1021/EvoLaunch... [05:18:29] [27/35] SKIP melodic456/telegram_task_admin — This is a Telegram task/earning bot with wallet address management (not a crypto wallet project). It contains hardcoded Telegram bot tokens and a MongoDB password fragment, but does not handle private keys, seed phrases, or real crypto funds. [05:18:29] [32/35] Analyzing attid/MyMTLWalletBot... [05:18:35] [30/35] SKIP Soil2Sale/SE-Backend — This is an agricultural marketplace backend (Soil2Sale) with internal wallet/transaction features for marketplace payments, not a crypto wallet project handling private keys or seed phrases. [05:18:35] [33/35] Analyzing QuantFi-Ai/SolMAte... [05:18:36] [31/35] SKIP Janakiraman1021/EvoLaunch — EvoLaunch is an AI-powered token launch platform on BNB Chain. It is not a wallet project and contains no accidentally committed credentials. [05:18:36] [34/35] Analyzing Blackhatdawn/coinbase-love... [05:18:38] [32/35] SKIP attid/MyMTLWalletBot — This is a Telegram wallet bot for Stellar/Tron/TON blockchains, but the .env.template file contains only placeholder/example credentials, not real accidentally committed secrets. [05:18:38] [35/35] Analyzing forestdeven-sys/axm-fiscal-ledger... [05:18:46] [34/35] SKIP Blackhatdawn/coinbase-love — This is a crypto trading platform template/project with proper environment variable usage for all credentials. No accidentally committed secrets, databases with private keys, or hardcoded credentials found. [05:18:48] [33/35] MATCH QuantFi-Ai/SolMAte — This repository contains hardcoded Twitter OAuth credentials (client_id and client_secret) directly in the source code, and is a crypto-adjacent social/wallet platform that stores wallet addresses and trading data. [05:18:48] [35/35] SKIP forestdeven-sys/axm-fiscal-ledger — This is a personal finance dashboard/budgeting app scaffold (Next.js) with an uploaded planning document about a theoretical DeFAI trading agent. No actual wallet code, no committed credentials, no databases with private keys. [05:18:48] Searching: "mongodb+srv wallet service api key secret" [05:18:50] Page 1: +100 items, 90 repos total [05:18:56] Found 90 repos (84 new, 6 already seen) [05:18:56] [1/84] Analyzing saksham1508/nexttechfusiongadgets... [05:18:56] [2/84] Analyzing mizazhaider-ceh/Web-Security-Google-Dorking... [05:18:56] [3/84] Analyzing kwel999/musica... [05:19:04] [1/84] SKIP saksham1508/nexttechfusiongadgets — This is an e-commerce/quick-commerce platform for tech gadgets, not a crypto wallet project. The API keys shown are placeholder examples in a configuration guide. [05:19:04] [4/84] Analyzing Botbynetz/super-app... [05:19:06] [3/84] SKIP kwel999/musica — This is an Amino (social media platform) chat bot, not a crypto wallet project. The 'wallet' command refers to Amino's in-app coin system, not cryptocurrency. [05:19:06] [5/84] Analyzing isbjornDAO/isbjorn-home... [05:19:09] [2/84] SKIP mizazhaider-ceh/Web-Security-Google-Dorking — This is a penetration testing educational repository containing writeups about Google Dorking techniques for security testing. It does not contain any actual committed credentials or wallet-related code. [05:19:09] [6/84] Analyzing sandipan1nayek/Car... [05:19:13] [4/84] SKIP Botbynetz/super-app — This is a 'super app' with an in-app virtual coin/wallet system (not a crypto wallet handling real private keys or seed phrases). No accidentally committed credentials were found. [05:19:13] [7/84] Analyzing 2satoshy/micasa... [05:19:14] [5/84] SKIP isbjornDAO/isbjorn-home — This is a conservation donation platform (not a crypto wallet project) that uses placeholder API keys in its setup guide documentation, not real accidentally committed credentials. [05:19:14] [8/84] Analyzing quickfyndcom-wq/quickfynd.com... [05:19:18] [6/84] SKIP sandipan1nayek/Car — This is a ride-sharing (Uber-like) app backend, not a crypto wallet project. The credentials shown are placeholder/template values in documentation. [05:19:18] [9/84] Analyzing lucasadilla/ConU_Hax_X... [05:19:22] [8/84] SKIP quickfyndcom-wq/quickfynd.com — This is an e-commerce marketplace platform (QuickFynd) built with Next.js, not a crypto wallet project. The environment variables shown are all empty placeholders in documentation. [05:19:22] [10/84] Analyzing VAIOT/lottery-backend... [05:19:24] [7/84] SKIP 2satoshy/micasa — This is a smart home platform with a crypto wallet component, but contains no accidentally committed credentials — only placeholder/template values in setup documentation. [05:19:24] [11/84] Analyzing cenetex/cosyworld... [05:19:25] [9/84] SKIP lucasadilla/ConU_Hax_X — This is a hackathon project (ConUHacks X) that integrates Phantom wallet for NFT badge rewards. The credentials shown are placeholders/templates in documentation, not real leaked credentials. [05:19:25] [12/84] Analyzing f80dev/TokenSol... [05:19:30] [10/84] SKIP VAIOT/lottery-backend — This is a raffle/lottery backend for VAIOT that manages Twitter-based raffles with crypto token prizes. It is not a crypto wallet project and contains no accidentally committed credentials. [05:19:30] [13/84] Analyzing GautamTalksDev/aeroguard-tech... [05:19:32] [11/84] SKIP cenetex/cosyworld — CosyWorld is a multi-platform AI community management system (Discord/X/Telegram) with a configuration wizard. It is not a crypto wallet project and contains no accidentally committed credentials. [05:19:32] [14/84] Analyzing Kaybarax/todo-list-turborepo... [05:19:37] [12/84] MAYBE f80dev/TokenSol — This repository contains a secret.py file with numerous real credentials including MongoDB connection strings, Google API keys, GitHub tokens, Storj keys, and encryption keys for what appears to be an NFT/token project on Solana. [05:19:37] [15/84] Analyzing WajahatAliKK/backend-fusion-dApp... [05:19:38] [13/84] SKIP GautamTalksDev/aeroguard-tech — This is an incident management/decision-support system (AeroGuard) that uses Solana only for blockchain audit trails, not a crypto wallet project. All credentials are properly loaded from environment variables. [05:19:38] [16/84] Analyzing sjsu-abracadata/CMPE_256... [05:19:42] [14/84] SKIP Kaybarax/todo-list-turborepo — This is a Todo List monorepo template/showcase project with blockchain integration. The matched snippets are documentation placeholders showing environment variable configuration examples, not actual committed credentials. [05:19:42] [17/84] Analyzing w3f/Grant-Milestone-Delivery... [05:19:47] [15/84] MATCH WajahatAliKK/backend-fusion-dApp — A Solana wallet dApp backend with hardcoded MongoDB Atlas credentials and a QuikNode mainnet RPC API key committed directly in the source code. The service generates Solana keypairs, encrypts private keys, and stores them in the exposed MongoDB database. [05:19:47] [18/84] Analyzing givepraise/praise... [05:19:48] [16/84] SKIP sjsu-abracadata/CMPE_256 — This is a university data mining class project (CMPE-256) for news sentiment analysis, not a crypto wallet project. It contains accidentally committed MongoDB credentials but for a news articles database, not a wallet. [05:19:48] [19/84] Analyzing playdroplink/drop-link-v2-18... [05:19:51] [17/84] SKIP w3f/Grant-Milestone-Delivery — This is the W3F (Web3 Foundation) Grant Milestone Delivery repository used for submitting and evaluating grant milestones. It contains no wallet projects with committed credentials. [05:19:51] [20/84] Analyzing belulok/fairlance-project... [05:19:54] [18/84] SKIP givepraise/praise — This is a community recognition/praise system, not a crypto wallet project. The .env.template file contains empty placeholder variables, not actual credentials. [05:19:54] [21/84] Analyzing shmlkv/polymarket-copy-trading-bot... [05:20:02] [19/84] MATCH playdroplink/drop-link-v2-18 — Production env file committed with real Supabase credentials (including service role key, JWT secret, Postgres passwords), MongoDB URI with credentials, Pi Network API keys, and wallet configuration for a Pi Network payment-processing application. [05:20:02] [22/84] Analyzing jishnu-baruah/mintellect... [05:20:02] [21/84] SKIP shmlkv/polymarket-copy-trading-bot — This is a Polymarket copy trading bot that uses MongoDB and requires a private key via environment variables. No accidentally committed credentials or sensitive data found. [05:20:02] [23/84] Analyzing garvit027/project-pitlane... [05:20:03] [20/84] SKIP belulok/fairlance-project — This is a freelance marketplace platform (escrow service) with accidentally committed MongoDB credentials and VPS root password, but it is NOT a crypto wallet project that stores/manages private keys or handles real crypto funds directly. [05:20:03] [24/84] Analyzing harshshukla9/flapbitrum... [05:20:09] [23/84] SKIP garvit027/project-pitlane — This is a blockchain ticketing/NFT project with a .env file containing only placeholder values, not real credentials. [05:20:09] [25/84] Analyzing nukkamoto/symbiotic-syntheconomy-ai-coordination... [05:20:10] [24/84] SKIP harshshukla9/flapbitrum — This is a Flappy Bird game mini-app on Farcaster with Arbitrum branding. The env.example file contains only placeholder values, not real credentials. [05:20:10] [26/84] Analyzing Must-be-Ash/piggy... [05:20:14] [22/84] SKIP jishnu-baruah/mintellect — Mintellect is a blockchain-based research publishing platform (NFT minting for academic papers), not a crypto wallet project. It uses proper environment variable patterns for all credentials. [05:20:14] [27/84] Analyzing nukkamoto/symbiotic-syntheconomy... [05:20:16] [25/84] SKIP nukkamoto/symbiotic-syntheconomy-ai-coordination — This is an env.example file with placeholder values only — no real credentials are committed. The project is a 'bioregional ritual submission' simulation platform, not a crypto wallet project. [05:20:16] [28/84] Analyzing Devo-MH/web3-protfolio... [05:20:19] [26/84] SKIP Must-be-Ash/piggy — This is a crypto tipping/donation platform using CDP embedded wallets on Base Sepolia testnet, but it does NOT contain any accidentally committed credentials or sensitive data. [05:20:19] [29/84] Analyzing 7ttp/DeWatt... [05:20:21] [27/84] SKIP nukkamoto/symbiotic-syntheconomy — This is a decentralized simulation platform for bioregional ritual submission, not a crypto wallet project. The env.example file contains only placeholder values, not real credentials. [05:20:21] [30/84] Analyzing Beingdigitalraj/Q-auto-trade-Frontend... [05:20:26] [29/84] SKIP 7ttp/DeWatt — This is an EV charging platform with a `.env.example` file containing only placeholder credentials, not real accidentally committed secrets. [05:20:26] [31/84] Analyzing 7ttp/Staking-nasdaq... [05:20:28] [28/84] MATCH Devo-MH/web3-protfolio — This repository's env.example file contains what appear to be real, hardcoded credentials including private keys, a MongoDB Atlas connection string with username/password, JWT secret, Infura API key, Etherscan API key, Pinata JWT, and NFT Storage token — all committed to a Web3 portfolio/wallet management project. [05:20:28] [32/84] Analyzing anirudhk-tech/Haggl... [05:20:30] [30/84] SKIP Beingdigitalraj/Q-auto-trade-Frontend — This repository contains only placeholder/template credentials, not real accidentally committed secrets. All sensitive values are generic placeholders like 'your_wallet_private_key', 'your_jwt_secret_key', 'your-username:your-password'. [05:20:30] [33/84] Analyzing HackathonNiger/submissions... [05:20:35] [31/84] SKIP 7ttp/Staking-nasdaq — This is a staking platform template with a `.env.example` file containing placeholder credentials, not real accidentally committed secrets. [05:20:35] [34/84] Analyzing SAI-RANDIVE/rydo-web-app1... [05:20:38] [33/84] MATCH HackathonNiger/submissions — Hackathon project with real MongoDB Atlas credentials and JWT secrets committed directly in README files. This is a fintech savings platform (not a crypto wallet), but contains accidentally committed database credentials. [05:20:38] [35/84] Analyzing partik03/aieth... [05:20:40] [32/84] MAYBE anirudhk-tech/Haggl — The env.example file contains what appears to be a real Browserbase API key (`bb_live_lihjjuzl9amwS2H7wFQp4boE42c`) and project ID committed alongside placeholder values for other services. The project is a procurement engine with wallet/payment functionality. [05:20:40] [36/84] Analyzing Must-be-Ash/btwnfriends... [05:20:44] [34/84] SKIP SAI-RANDIVE/rydo-web-app1 — RYDO is a ride-hailing/care service platform (like Uber), not a crypto wallet project. It has hardcoded MongoDB credentials but handles ride bookings and fiat payments, not cryptocurrency. [05:20:44] [37/84] Analyzing RPBLC-hq/RPBLC.DAM... [05:20:48] [35/84] MAYBE partik03/aieth — A crypto wallet/UPI hackathon project with a hardcoded MongoDB Atlas connection string (with username 'hs05june' and password '1234567890') committed directly in chatbot_console.py. [05:20:48] [38/84] Analyzing alphatw221/algotech-lss-django... [05:20:48] [36/84] SKIP Must-be-Ash/btwnfriends — This is a peer-to-peer stablecoin payment app template with only placeholder/example credentials in a .env.example file, not real accidentally committed secrets. [05:20:48] [39/84] Analyzing aniketsahu115/Vintara... [05:20:53] [37/84] SKIP RPBLC-hq/RPBLC.DAM — This is a PII detection/firewall library for AI agents, not a crypto wallet project. The matched code snippets are test cases for detecting API keys and credentials as part of its PII scanning functionality. [05:20:53] [40/84] Analyzing JKashyap96/otel-log-generator... [05:20:55] [39/84] SKIP aniketsahu115/Vintara — This is a DeFi protocol project on Rootstock with a properly structured env.example file containing only placeholders — no real credentials are committed. [05:20:55] [41/84] Analyzing Ritabrata777/Medi-Chain-Aptos... [05:20:57] [38/84] SKIP alphatw221/algotech-lss-django — This is a live-selling/e-commerce Django application (Live Show Seller) with massively leaked production credentials, but it is NOT a crypto wallet project. [05:20:57] [42/84] Analyzing Abhinav-Malik-154/TradePro... [05:21:00] [40/84] SKIP JKashyap96/otel-log-generator — This is an OpenTelemetry log generator tool that creates synthetic/fake log data for testing purposes. It has no relation to crypto wallets or sensitive credentials. [05:21:00] [43/84] Analyzing mustafadalga/interview-striga... [05:21:02] [41/84] SKIP Ritabrata777/Medi-Chain-Aptos — This is a healthcare platform (MediChain) on Aptos blockchain, not a crypto wallet project. The credentials shown are placeholder/template values in a deployment guide, not real accidentally committed credentials. [05:21:02] [44/84] Analyzing vivekbadgujar/GameOn... [05:21:05] [42/84] SKIP Abhinav-Malik-154/TradePro — This is a trading platform project with deployment documentation showing placeholder/template environment variable examples, not actual committed credentials. [05:21:05] [45/84] Analyzing EdwardYambasu12/Backend-qureo... [05:21:09] [43/84] SKIP mustafadalga/interview-striga — This is an interview/take-home project for Striga (a crypto-as-a-service API) that has hardcoded MongoDB and sandbox API credentials, but it's not a wallet project handling real crypto funds. [05:21:09] [46/84] Analyzing Ojukwu12/Privote... [05:21:11] [44/84] SKIP vivekbadgujar/GameOn — This is a BGMI (gaming) tournament platform, not a crypto wallet project. It contains accidentally committed MongoDB credentials but does not handle cryptocurrency funds, private keys, or wallet functionality. [05:21:11] [47/84] Analyzing Thee-sage/PlinkoChallenge_... [05:21:14] [45/84] SKIP EdwardYambasu12/Backend-qureo — This is a healthcare backend (Qureo) with a payment wallet feature using Stripe, not a crypto wallet project. However, it does contain a hardcoded MongoDB Atlas connection string with credentials. [05:21:14] [48/84] Analyzing savetree-1/gov-docflow-ai... [05:21:18] [46/84] SKIP Ojukwu12/Privote — This is a DAO voting backend using FHE encryption on Sepolia testnet. The deployment guide shows environment variable placeholders (e.g., `0x...`, `mongodb+srv://...`), not actual committed credentials. [05:21:18] [49/84] Analyzing Salekin-Nabil/quickmed-server-side... [05:21:19] [47/84] SKIP Thee-sage/PlinkoChallenge_ — This is a Plinko gambling game with virtual currency ('Zixos'), not a crypto wallet project. All credentials shown are placeholder examples in setup documentation. [05:21:19] [50/84] Analyzing prince-gladwin-in/Blockchain-Voting-System... [05:21:23] [48/84] SKIP savetree-1/gov-docflow-ai — This is a government document management system, not a crypto wallet project. The BLOCKCHAIN_PRIVATE_KEY reference is a placeholder in documentation for environment variable configuration. [05:21:23] [51/84] Analyzing bhagwatcoding/cms-winfoa... [05:21:27] [49/84] SKIP Salekin-Nabil/quickmed-server-side — This is a medical appointment booking platform (QuickMed) server, not a crypto wallet project. It uses proper environment variables for all credentials. [05:21:27] [52/84] Analyzing Christian-Akor/FINTECH-WALLET-SYSTEM... [05:21:28] [50/84] SKIP prince-gladwin-in/Blockchain-Voting-System — This is a blockchain voting system project, not a crypto wallet project. It contains only placeholder environment variable examples in deployment documentation, not real committed credentials. [05:21:28] [53/84] Analyzing dha2213/Medicinewala... [05:21:32] [51/84] SKIP bhagwatcoding/cms-winfoa — This is a multi-subdomain web platform (CMS) with a 'wallet' subdomain for digital payments/billing — not a crypto wallet project. All credentials in the .env files are placeholders/templates. [05:21:32] [54/84] Analyzing MichaelCrowe11/crypto-trading-platform... [05:21:36] [52/84] SKIP Christian-Akor/FINTECH-WALLET-SYSTEM — This is a fintech wallet system (Opay/Palmpay clone) that handles fiat digital wallet transfers, not crypto. The MongoDB URI in DEPLOYMENT.md is a placeholder example (`user:pass@cluster`), not real credentials. [05:21:36] [55/84] Analyzing sushilpandeyy/Burp... [05:21:36] [53/84] SKIP dha2213/Medicinewala — This is an online pharmacy delivery web application (Medicinewala), not a crypto wallet project. It contains hardcoded Gmail app password credentials but has nothing to do with cryptocurrency. [05:21:36] [56/84] Analyzing derohaze/cryptonel-website... [05:21:41] [54/84] SKIP MichaelCrowe11/crypto-trading-platform — This is a cryptocurrency trading platform template/boilerplate that uses placeholder values for all credentials and follows proper secret management practices via Fly.io secrets. [05:21:41] [57/84] Analyzing ddefi0175-netizen/Snipe... [05:21:45] [56/84] SKIP derohaze/cryptonel-website — This is a cryptocurrency wallet platform (Cryptonel/CRN) that properly uses environment variables and .env files for sensitive configuration, with no accidentally committed credentials found. [05:21:45] [58/84] Analyzing himgoapp/HimGo-FullStack... [05:21:47] [55/84] SKIP sushilpandeyy/Burp — BURP is a crypto investment platform, but the repository contains only placeholder/template credentials in setup documentation, not real accidentally committed secrets. [05:21:47] [59/84] Analyzing apeiron888/LoyalCoin... [05:21:50] [57/84] SKIP ddefi0175-netizen/Snipe — This is a trading platform with wallet connection support, but it explicitly follows security best practices with no hardcoded credentials — environment variables are used for all secrets. [05:21:50] [60/84] Analyzing binod12356712/cryptt... [05:21:53] [58/84] SKIP himgoapp/HimGo-FullStack — This is a ride-hailing driver app (like Uber), not a crypto wallet project. It has no crypto private keys, seed phrases, or wallet functionality related to cryptocurrency. [05:21:53] [61/84] Analyzing bekirmfr/DeCloud.Orchestrator... [05:21:54] [59/84] SKIP apeiron888/LoyalCoin — LoyalCoin is a Cardano-based loyalty rewards platform that properly uses environment variables and secret management (HashiCorp Vault) for all sensitive credentials. No actual credentials are committed. [05:21:54] [62/84] Analyzing hitazuranahiro/ChargeX-Telematics-API... [05:22:00] [60/84] SKIP binod12356712/cryptt — This is a crypto trading/prediction platform (not a wallet managing private keys) with hardcoded Cloudinary, MongoDB, and Gmail credentials — but no private keys, seed phrases, or wallet private key storage. [05:22:00] [63/84] Analyzing Sorcha-Platform/Sorcha... [05:22:02] [62/84] SKIP hitazuranahiro/ChargeX-Telematics-API — This is an IoT telematics system for battery monitoring and management, not a crypto wallet project. The ENV_SETUP.md contains only placeholder/template values for environment variables, not real credentials. [05:22:02] [64/84] Analyzing Gwennovation/t0kenrent... [05:22:03] [61/84] SKIP bekirmfr/DeCloud.Orchestrator — This is a decentralized cloud orchestrator (VM management platform) installation script that accepts private keys as command-line arguments but stores them securely in environment files — it is not a crypto wallet project and contains no accidentally committed credentials. [05:22:03] [65/84] Analyzing navdiya-nikunj/CertifyMe... [05:22:10] [64/84] SKIP Gwennovation/t0kenrent — This is a BSV blockchain rental marketplace project. The matched snippets are placeholder/template values in a setup guide, not real accidentally committed credentials. [05:22:10] [66/84] Analyzing MYounesDev/stellargo... [05:22:10] [65/84] SKIP navdiya-nikunj/CertifyMe — This is a blockchain certification platform (NFT certificates), not a crypto wallet project. The MongoDB URI and JWT secret shown are placeholder examples in README documentation. [05:22:10] [67/84] Analyzing Eshrak20/Digital-Wallet-Express-JS... [05:22:10] [63/84] SKIP Sorcha-Platform/Sorcha — This is a distributed ledger platform for data workflow orchestration, not a crypto wallet project handling real funds. The MongoDB/PostgreSQL connection strings shown are clearly placeholder examples in documentation. [05:22:10] [68/84] Analyzing Anoop840/AG-Gems... [05:22:17] [66/84] SKIP MYounesDev/stellargo — StellarGo is a location-based SocialFi platform on Stellar Network. The matched code snippet is just a placeholder/example in an installation guide showing how to configure environment variables. [05:22:17] [69/84] Analyzing oussamadhraief/3aweni... [05:22:18] [67/84] SKIP Eshrak20/Digital-Wallet-Express-JS — This is a digital wallet management system (like a mobile banking app handling fiat currency in Bangladeshi Taka), not a crypto wallet project. It does not contain accidentally committed credentials or sensitive data. [05:22:18] [70/84] Analyzing abilashps37-wq/mainn... [05:22:20] [68/84] SKIP Anoop840/AG-Gems — This is a MERN e-commerce application (jewelry store) with crypto payment acceptance capability, but all credentials shown are placeholders/templates in deployment documentation, not real leaked secrets. [05:22:20] [71/84] Analyzing dikshantbhangala/GLOBLEX-PAY-APP... [05:22:24] [69/84] SKIP oussamadhraief/3aweni — This is a crowdfunding/fundraising platform ('3aweni' means 'help me' in Arabic), not a crypto wallet project. It has no relation to cryptocurrency wallets, private keys, or seed phrases. [05:22:24] [72/84] Analyzing roel-sundiam/PlaySquad... [05:22:27] [70/84] SKIP abilashps37-wq/mainn — This is a blockchain-based land registry system, not a crypto wallet project. The matched snippets are placeholder/template values in setup documentation. [05:22:27] [73/84] Analyzing pradeepyadav5137/BookNest... [05:22:28] [71/84] SKIP dikshantbhangala/GLOBLEX-PAY-APP — This is a cross-border payment app (fiat currency, not crypto) with only placeholder/template credentials in its README setup instructions. [05:22:28] [74/84] Analyzing Bullmoneyofficial/bullmoney.online... [05:22:32] [72/84] SKIP roel-sundiam/PlaySquad — PlaySquad is a sports club matchmaking app for organizing doubles games, not a crypto wallet project. It has no cryptocurrency functionality whatsoever. [05:22:32] [75/84] Analyzing AkshayJalageri/Namma-TapNGo... [05:22:34] [73/84] SKIP pradeepyadav5137/BookNest — BookNest is a book marketplace application (buy/sell books), not a crypto wallet project. The environment variable examples shown are placeholder templates, not real credentials. [05:22:34] [76/84] Analyzing AnilNikam/poker-card... [05:22:38] [74/84] SKIP Bullmoneyofficial/bullmoney.online — This is a crypto trading/entertainment platform (not a wallet project) with some real credentials in an .env.production.example file, but it does not handle private keys, seed phrases, or wallet storage. [05:22:38] [77/84] Analyzing OGGY418/solana-prediction-market... [05:22:39] [75/84] SKIP AkshayJalageri/Namma-TapNGo — This is a metro ticketing simulation system with a simple wallet for fare payments, not a crypto wallet project. No real credentials are committed. [05:22:39] [78/84] Analyzing SGK112/CRM... [05:22:42] [76/84] SKIP AnilNikam/poker-card — This is a poker/rummy card game project, not a crypto wallet project. While it contains multiple hardcoded API keys and credentials, it does not handle crypto wallet operations like storing private keys, seed phrases, or sending/receiving crypto funds. [05:22:42] [79/84] Analyzing Sirisha-Dasari/MedChain... [05:22:47] [78/84] SKIP SGK112/CRM — This is a CRM (Customer Relationship Management) system for a construction/remodeling business, not a crypto wallet project. The 'Wallet API' mentioned is a CRM feature, not a cryptocurrency wallet. [05:22:47] [80/84] Analyzing akashmhadgut/captcha-backend... [05:22:47] [77/84] SKIP OGGY418/solana-prediction-market — This is a Solana prediction market platform, not a crypto wallet project. The MongoDB connection string shown is a placeholder template in documentation, not accidentally committed real credentials. [05:22:47] [81/84] Analyzing cazicruz/e-com_Backend... [05:22:49] [79/84] SKIP Sirisha-Dasari/MedChain — This is a blockchain-based medical records system (not a crypto wallet project), and it uses proper .env configuration with placeholder values — no real credentials are committed. [05:22:49] [82/84] Analyzing gauravghatol/BitVault... [05:22:54] [80/84] SKIP akashmhadgut/captcha-backend — This is a captcha-solving earning platform with a fiat wallet (INR/Razorpay), not a crypto wallet project. It contains no accidentally committed credentials. [05:22:54] [83/84] Analyzing sujalcharati/Walleto... [05:22:54] [81/84] SKIP cazicruz/e-com_Backend — This is an e-commerce/VTU (Virtual Top-Up) backend application for Nigerian telecom services, not a crypto wallet project. All credentials shown are placeholders in documentation. [05:22:54] [84/84] Analyzing delphian/tronrelic... [05:23:00] [82/84] MATCH gauravghatol/BitVault — Bitcoin wallet management system with real MongoDB credentials, JWT secret, encryption keys, and Gmail app password accidentally committed in DEPLOYMENT.md. [05:23:01] [83/84] SKIP sujalcharati/Walleto — Walleto is a personal expense tracker (income/expenses), not a crypto wallet project. The MongoDB connection string and secret_key shown are placeholders in a deployment guide. [05:23:03] [84/84] SKIP delphian/tronrelic — TronRelic is a TRON blockchain analytics/monitoring platform, not a wallet project. The matched snippet is a placeholder example value in documentation, not an accidentally committed credential. [05:23:03] Searching: "mongodb+srv e-wallet crypto payment" [05:23:04] Page 1: +8 items, 7 repos total [05:23:04] Found 7 repos (7 new, 0 already seen) [05:23:04] [1/7] Analyzing thaihadefi/Travel-Website-Final... [05:23:04] [2/7] Analyzing chavapalmarubin-lab/FIDUS... [05:23:04] [3/7] Analyzing Blessedbiello/NinjaPay_v5... [05:23:12] [1/7] SKIP thaihadefi/Travel-Website-Final — This is a travel/tour booking website, not a crypto wallet project. It has no relation to cryptocurrency wallets, private keys, or seed phrases. [05:23:12] [4/7] Analyzing ALADETAN-IFE/Hng-Stage8-be-Wallet-Service-with-Paystack-JWT-API-Keys... [05:23:14] [2/7] SKIP chavapalmarubin-lab/FIDUS — FIDUS is an investment management platform with MT5 trading integration and crypto deposit address management, but it does not contain accidentally committed credentials or sensitive wallet data. [05:23:14] [5/7] Analyzing abhimvp/Strides... [05:23:15] [3/7] SKIP Blessedbiello/NinjaPay_v5 — This is a hackathon project plan/documentation for a privacy-focused Solana payment platform. It contains only placeholder credential strings (e.g., 'postgresql://...', 'mongodb+srv://...') in documentation/planning files, not real committed credentials. [05:23:15] [6/7] Analyzing anhminh1241/SkyHome_Be... [05:23:21] [4/7] SKIP ALADETAN-IFE/Hng-Stage8-be-Wallet-Service-with-Paystack-JWT-API-Keys — This is an HNG bootcamp task submission for a fiat wallet service (NGN/Paystack), not a crypto wallet. All credentials shown are placeholders in README documentation. [05:23:21] [7/7] Analyzing egyw/proyek-fpw... [05:23:23] [6/7] SKIP anhminh1241/SkyHome_Be — This is a home services booking backend (NestJS + MongoDB) called SkyHome, not a crypto wallet project. It has no relation to cryptocurrency wallets or private key management. [05:23:25] [5/7] SKIP abhimvp/Strides — This is a personal finance and productivity tracking app (expense tracker, task manager, trip planner) — not a crypto wallet project. It has no relation to cryptocurrency private keys, seed phrases, or wallet management. [05:23:29] [7/7] SKIP egyw/proyek-fpw — This is a Next.js e-commerce platform for building materials, not a crypto wallet project. It uses MongoDB but for product/user data, not cryptocurrency private keys. [05:23:29] Done [05:23:29] Analyzed: 866 repos [05:23:29] Matches: 67 [05:23:29] Time: 46m 54s