[bundle] Update 18 worlds (worlds-wheels-2026-06-15)

[oliver-the-multiworld-squirrel]

Hey folks, I found a bunch of new updates for 18 worlds. I'm gonna grab some info on them for y'all.

Location: MultiworldGG/MultiworldGG-Beta@worlds-wheels-2026-06-15
Release tag: worlds-wheels-2026-06-15
APWorlds: am2r, crosscode, factorio_saws, hk, huniepop, mlss, mmx3, nine_sols, oot, papermario, poe, pokemon_crystal, rabi_ribi, rotn, srb2, tloz_ph, ultrakill, wl4
Skipped (not on Index): grinch

• am2r: worlds_am2r-1.4.6-py3-none-any.whl (37 KB)
• crosscode: worlds_crosscode-0.9.2-py3-none-any.whl (155 KB)
• factorio_saws: worlds_factorio_saws-0.9.2-py3-none-any.whl (875 KB)
• hk: worlds_hk-1.1.4-py3-none-any.whl (266 KB)
• huniepop: worlds_huniepop-2.3.1-py3-none-any.whl (38 KB)
• mlss: worlds_mlss-1.10.2-py3-none-any.whl (85 KB)
• mmx3: worlds_mmx3-1.5.2-py3-none-any.whl (71 KB)
• nine_sols: worlds_nine_sols-0.5.5-py3-none-any.whl (3.05 MB)
• oot: worlds_oot-9.1.0-py3-none-any.whl (2.77 MB)
• papermario: worlds_papermario-0.0.1-py3-none-any.whl (1.45 MB)
• poe: worlds_poe-2.1.0-py3-none-any.whl (2.69 MB)
• pokemon_crystal: worlds_pokemon_crystal-5.4.6-py3-none-any.whl (647 KB)
• rabi_ribi: worlds_rabi_ribi-1.5.3-py3-none-any.whl (243 KB)
• rotn: worlds_rotn-0.13.0-py3-none-any.whl (19 KB)
• srb2: worlds_srb2-1.7.2-py3-none-any.whl (96 KB)
• tloz_ph: worlds_tloz_ph-0.9.4-py3-none-any.whl (2.49 MB)
• ultrakill: worlds_ultrakill-3.5.3-py3-none-any.whl (51 KB)
• wl4: worlds_wl4-3.4.0-py3-none-any.whl (66 KB)

Karen Head of Multiworld QA bot is gathering the manifests for 18 worlds and cross referencing. She'll review them individually in a moment.

[karen-head-of-multiworld-qa]

Karen: Quality Assurance Manager

Here to give a seal of quality to your APWorld, because no one wants to be a vector for an exploit.
Overall: ✅ PASS (18 world(s) checked)

am2r — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	2 URLs are right where I looked

crosscode — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

factorio_saws — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

hk — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

huniepop — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

mlss — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

mmx3 — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

nine_sols — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

oot — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

papermario — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

poe — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

pokemon_crystal — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

rabi_ribi — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

rotn — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

srb2 — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

tloz_ph — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

ultrakill — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

wl4 — ✅ pass

Check	Status	Notes
schema	✅ pass	archipelago.json looking good!
manifest_consistency	✅ pass	filename, url, and JSON shape are all consistent, nice!
url_reachability	✅ pass	1 URLs are right where I looked

All checks green, awesome job!

[karen-head-of-multiworld-qa]

Karen: Isolated QA Checks

World generation (fuzzer) results

am2r — ✅ pass

Check	Status	Notes
fuzzer	✅ pass	success=10 failure=0 timeout=0 ignored=0 rom=0 real=0 total=10
bandit	❌ fail	7 issues(s), we should look it over.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 0.1MB / cap 250MB
rom	✅ pass	no illegal games here
net	⚠️ warn	1 top-level network module imports, these are probably ok, but check them out.
ruff	captured	30 lint findings

Findings

bandit

• /work/extracted/worlds/am2r/Client.py:372 [B310/MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
• /work/extracted/worlds/am2r/init.py:38 [B310/MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
• /work/extracted/worlds/am2r/init.py:41 [B310/MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
• /work/extracted/worlds/am2r/init.py:57 [B323/MEDIUM] By default, Python will create a secure, verified ssl context for use in such classes as HTTPSConnection. However, it still allows using an insecure context via the _create_unverified_context that reverts to the previous behavior that does not validate certificates or perform hostname checks.
• /work/extracted/worlds/am2r/init.py:190 [B310/MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
• /work/extracted/worlds/am2r/init.py:193 [B310/MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
• /work/extracted/worlds/am2r/init.py:209 [B323/MEDIUM] By default, Python will create a secure, verified ssl context for use in such classes as HTTPSConnection. However, it still allows using an insecure context via the _create_unverified_context that reverts to the previous behavior that does not validate certificates or perform hostname checks.

net

• worlds/am2r/init.py: top-level import urllib.request at line 17

ruff

• /work/extracted/worlds/am2r/Client.py:9 F401 worlds.terraria imported but unused
• /work/extracted/worlds/am2r/Client.py:29 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/am2r/Client.py:193 F541 f-string without any placeholders
• /work/extracted/worlds/am2r/Client.py:195 F541 f-string without any placeholders
• /work/extracted/worlds/am2r/Client.py:371 E401 Multiple imports on one line
• /work/extracted/worlds/am2r/Client.py:498 E722 Do not use bare except
• /work/extracted/worlds/am2r/Client.py:716 F841 Local variable e is assigned to but never used
• /work/extracted/worlds/am2r/Client.py:725 E712 Avoid equality comparisons to True; use data_decoded["Deathlinked"]: for truth checks
• /work/extracted/worlds/am2r/Client.py:754 F541 f-string without any placeholders
• /work/extracted/worlds/am2r/Client.py:775 F541 f-string without any placeholders
• /work/extracted/worlds/am2r/Client.py:784 F541 f-string without any placeholders
• /work/extracted/worlds/am2r/Client.py:785 F541 f-string without any placeholders
• /work/extracted/worlds/am2r/Client.py:802 F541 f-string without any placeholders
• /work/extracted/worlds/am2r/Client.py:832 F541 f-string without any placeholders
• /work/extracted/worlds/am2r/Client.py:992 E722 Do not use bare except
• …and 10 more

crosscode — ✅ pass

Check	Status	Notes
fuzzer	✅ pass	success=4 failure=0 timeout=0 ignored=6 rom=0 real=0 total=10
bandit	❌ fail	1 issues(s), we should look it over.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 1.8MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	2477 lint findings

Findings

bandit

• /work/extracted/worlds/crosscode/codegen/gen.py:43 [B701/HIGH] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.

ruff

• /work/extracted/worlds/crosscode/init.py:11 F401 .world.CrossCodeWorld imported but unused; consider removing, adding to __all__, or using a redundant alias
• /work/extracted/worlds/crosscode/init.py:12 F841 Local variable e is assigned to but never used
• /work/extracted/worlds/crosscode/codegen/gen.py:16 F401 ..types.items.ProgressiveItemChain imported but unused
• /work/extracted/worlds/crosscode/codegen/gen.py:16 F401 ..types.items.ProgressiveItemChainSingle imported but unused
• /work/extracted/worlds/crosscode/codegen/gen.py:16 F401 ..types.items.ProgressiveItemSubchain imported but unused
• /work/extracted/worlds/crosscode/codegen/gen.py:19 F811 Redefinition of unused RegionsData from line 15: RegionsData redefined here
• /work/extracted/worlds/crosscode/codegen/gen.py:317 E713 Test for membership should be not in
• /work/extracted/worlds/crosscode/codegen/lists.py:262 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/crosscode/codegen/lists.py:362 F541 f-string without any placeholders
• /work/extracted/worlds/crosscode/codegen/lists.py:530 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/crosscode/codegen/markers.py:117 E703 Statement ends with an unnecessary semicolon
• /work/extracted/worlds/crosscode/codegen/markers.py:118 E703 Statement ends with an unnecessary semicolon
• /work/extracted/worlds/crosscode/codegen/markers.py:137 E703 Statement ends with an unnecessary semicolon
• /work/extracted/worlds/crosscode/codegen/parse.py:5 F401 string imported but unused
• /work/extracted/worlds/crosscode/codegen/parse.py:16 F403 from ..types.condition import * used; unable to detect undefined names
• …and 10 more

factorio_saws — ⚠️ warn

Check	Status	Notes
fuzzer	⚠️ warn	success=4 failure=1 timeout=0 ignored=5 rom=0 real=1 total=10
bandit	❌ fail	2 issues(s), we should look it over.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 1.2MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	13 lint findings

Findings

bandit

• /work/extracted/worlds/factorio_saws/Client.py:651 [B103/MEDIUM] Chmod setting a permissive mask 0o755 on file (configure_sh).
• /work/extracted/worlds/factorio_saws/Mod.py:105 [B701/HIGH] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.

ruff

• /work/extracted/worlds/factorio_saws/Client.py:19 F401 CommonClient.server_loop imported but unused
• /work/extracted/worlds/factorio_saws/Mod.py:6 F401 shutil imported but unused
• /work/extracted/worlds/factorio_saws/Mod.py:17 F401 .Technologies.useless_technologies imported but unused
• /work/extracted/worlds/factorio_saws/Options.py:12 E731 Do not assign a lambda expression, use a def
• /work/extracted/worlds/factorio_saws/Options.py:517 E721 Use is and is not for type comparisons, or isinstance() for isinstance checks
• /work/extracted/worlds/factorio_saws/Technologies.py:25 E721 Use is and is not for type comparisons, or isinstance() for isinstance checks
• /work/extracted/worlds/factorio_saws/Technologies.py:289 E713 Test for membership should be not in
• /work/extracted/worlds/factorio_saws/Technologies.py:351 F811 Redefinition of unused recipes from line 338: recipes redefined here
• /work/extracted/worlds/factorio_saws/init.py:19 F401 .Technologies.recipe_sources imported but unused; consider removing, adding to __all__, or using a redundant alias
• /work/extracted/worlds/factorio_saws/init.py:21 F401 .Technologies.common_tech_table imported but unused; consider removing, adding to __all__, or using a redundant alias
• /work/extracted/worlds/factorio_saws/init.py:23 F401 .Technologies.stacking_items imported but unused; consider removing, adding to __all__, or using a redundant alias
• /work/extracted/worlds/factorio_saws/init.py:23 F401 .Technologies.progressive_rows imported but unused; consider removing, adding to __all__, or using a redundant alias
• /work/extracted/worlds/factorio_saws/settings.py:1 F401 typing imported but unused

hk — ⚠️ warn

Check	Status	Notes
fuzzer	⚠️ warn	success=5 failure=0 timeout=1 ignored=4 rom=0 real=0 total=10
bandit	✅ pass	Bandit didn't make out with anything worth mentioning.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 4.6MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	no lint findings

huniepop — ⚠️ warn

Check	Status	Notes
fuzzer	⚠️ warn	success=9 failure=1 timeout=0 ignored=0 rom=0 real=1 total=10
bandit	✅ pass	Bandit didn't make out with anything worth mentioning.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 0.2MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	34 lint findings

Findings

ruff

• /work/extracted/worlds/huniepop/CustomOption.py:82 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:88 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:94 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:100 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:114 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:120 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:125 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:130 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:137 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:174 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:180 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:186 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:192 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:197 E741 Ambiguous variable name: l
• /work/extracted/worlds/huniepop/CustomOption.py:202 E741 Ambiguous variable name: l
• …and 10 more

mlss — ✅ pass

Check	Status	Notes
fuzzer	✅ pass	success=10 failure=0 timeout=0 ignored=0 rom=0 real=0 total=10
bandit	✅ pass	Bandit didn't make out with anything worth mentioning.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 0.4MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	2 lint findings

Findings

ruff

• /work/extracted/worlds/mlss/init.py:9 F401 .Locations.location_table imported but unused; consider removing, adding to __all__, or using a redundant alias
• /work/extracted/worlds/mlss/init.py:13 F401 .Client.MLSSClient imported but unused; consider removing, adding to __all__, or using a redundant alias

mmx3 — ✅ pass

Check	Status	Notes
fuzzer	✅ pass	success=10 failure=0 timeout=0 ignored=0 rom=0 real=0 total=10
bandit	❌ fail	3 issues(s), we should look it over.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 0.3MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	50 lint findings

Findings

bandit

• /work/extracted/worlds/mmx3/Rom.py:465 [B324/HIGH] Use of weak MD5 hash for security. Consider usedforsecurity=False
• /work/extracted/worlds/mmx3/Rom.py:469 [B324/HIGH] Use of weak MD5 hash for security. Consider usedforsecurity=False
• /work/extracted/worlds/mmx3/init.py:49 [B324/HIGH] Use of weak MD5 hash for security. Consider usedforsecurity=False

ruff

• /work/extracted/worlds/mmx3/Client.py:2 F401 asyncio imported but unused
• /work/extracted/worlds/mmx3/Client.py:239 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:256 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:261 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:387 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:393 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:442 F841 Local variable sending_game is assigned to but never used
• /work/extracted/worlds/mmx3/Client.py:628 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:1142 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:1145 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:1150 E722 Do not use bare except
• /work/extracted/worlds/mmx3/Client.py:1151 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:1154 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:1159 F541 f-string without any placeholders
• /work/extracted/worlds/mmx3/Client.py:1169 F541 f-string without any placeholders
• …and 10 more

nine_sols — ✅ pass

Check	Status	Notes
fuzzer	✅ pass	success=3 failure=0 timeout=0 ignored=7 rom=0 real=0 total=10
bandit	✅ pass	Bandit didn't make out with anything worth mentioning.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 3.4MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	29 lint findings

Findings

ruff

• /work/extracted/worlds/nine_sols/init.py:1 F401 typing.Any imported but unused
• /work/extracted/worlds/nine_sols/init.py:11 F403 from .options import * used; unable to detect undefined names
• /work/extracted/worlds/nine_sols/init.py:28 F405 ShuffleSolSeals may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:29 F405 SealsForEigong may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:30 F405 SealsForPrison may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:31 F405 SealsForEthereal may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:34 F405 PreventWeakenedPrisonState may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:35 F405 SkipSoulscapePlatforming may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:36 F405 PreventAnnoyingRunbacks may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:37 F405 LogicDifficulty may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:40 F405 FirstRootNode may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:41 F405 ShuffleSomeRootNodes may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:44 F405 ShuffleGrapple may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:45 F405 ShuffleWallClimb may be undefined, or defined from star imports
• /work/extracted/worlds/nine_sols/init.py:46 F405 ShuffleLedgeGrab may be undefined, or defined from star imports
• …and 10 more

oot — ⚠️ warn

Check	Status	Notes
fuzzer	⚠️ warn	success=9 failure=1 timeout=0 ignored=0 rom=0 real=1 total=10
bandit	❌ fail	4 issues(s), we should look it over.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 8.3MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	377 lint findings

Findings

bandit

• /work/extracted/worlds/oot/RuleParser.py:257 [B307/MEDIUM] Use of possibly insecure function - consider using safer ast.literal_eval.
• /work/extracted/worlds/oot/RuleParser.py:269 [B307/MEDIUM] Use of possibly insecure function - consider using safer ast.literal_eval.
• /work/extracted/worlds/oot/RuleParser.py:279 [B307/MEDIUM] Use of possibly insecure function - consider using safer ast.literal_eval.
• /work/extracted/worlds/oot/RuleParser.py:410 [B307/MEDIUM] Use of possibly insecure function - consider using safer ast.literal_eval.

ruff

• /work/extracted/worlds/oot/ASM/build.py:156 E731 Do not assign a lambda expression, use a def
• /work/extracted/worlds/oot/ASM/rom_diff.py:3 F401 json imported but unused
• /work/extracted/worlds/oot/Adjuster.py:15 F401 .Options.DpadDungeonMenu imported but unused
• /work/extracted/worlds/oot/Adjuster.py:15 F401 .Options.SpeedupMusicForLastTriforcePiece imported but unused
• /work/extracted/worlds/oot/Adjuster.py:15 F401 .Options.SlowdownMusicWhenLowhp imported but unused
• /work/extracted/worlds/oot/Adjuster.py:16 F401 .Options.UninvertYAxisInFirstPersonCamera imported but unused
• /work/extracted/worlds/oot/Adjuster.py:16 F401 .Options.InputViewer imported but unused
• /work/extracted/worlds/oot/Adjuster.py:16 F401 .Options.DisableBattleMusic imported but unused
• /work/extracted/worlds/oot/Adjuster.py:16 F401 .Options.CreditsMusic imported but unused
• /work/extracted/worlds/oot/Adjuster.py:119 F401 tkinter.Tk imported but unused
• /work/extracted/worlds/oot/Audiobank.py:2 F401 io.FileIO imported but unused
• /work/extracted/worlds/oot/Audiobank.py:5 F401 .Rom.Rom imported but unused
• /work/extracted/worlds/oot/Audiobank.py:129 E721 Use is and is not for type comparisons, or isinstance() for isinstance checks
• /work/extracted/worlds/oot/Audiobank.py:138 E721 Use is and is not for type comparisons, or isinstance() for isinstance checks
• /work/extracted/worlds/oot/Audiobank.py:142 E721 Use is and is not for type comparisons, or isinstance() for isinstance checks
• …and 10 more

papermario — ❌ fail

Check	Status	Notes
fuzzer	❌ fail	success=1 failure=9 timeout=0 ignored=0 rom=0 real=9 total=10
bandit	❌ fail	4 issues(s), we should look it over.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 2.5MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	122 lint findings

Findings

bandit

• /work/extracted/worlds/papermario/RuleParser.py:260 [B307/MEDIUM] Use of possibly insecure function - consider using safer ast.literal_eval.
• /work/extracted/worlds/papermario/RuleParser.py:271 [B307/MEDIUM] Use of possibly insecure function - consider using safer ast.literal_eval.
• /work/extracted/worlds/papermario/RuleParser.py:280 [B307/MEDIUM] Use of possibly insecure function - consider using safer ast.literal_eval.
• /work/extracted/worlds/papermario/RuleParser.py:406 [B307/MEDIUM] Use of possibly insecure function - consider using safer ast.literal_eval.

ruff

• /work/extracted/worlds/papermario/Entrance.py:40 E711 Comparison to None should be cond is None
• /work/extracted/worlds/papermario/ItemPool.py:4 F401 collections.namedtuple imported but unused
• /work/extracted/worlds/papermario/ItemPool.py:5 F401 itertools.chain imported but unused
• /work/extracted/worlds/papermario/ItemPool.py:7 F401 .data.chapter_logic.areas_by_chapter imported but unused
• /work/extracted/worlds/papermario/ItemPool.py:11 F403 from .options import * used; unable to detect undefined names
• /work/extracted/worlds/papermario/ItemPool.py:59 F405 SpiritRequirements may be undefined, or defined from star imports
• /work/extracted/worlds/papermario/ItemPool.py:66 F405 SeedGoal may be undefined, or defined from star imports
• /work/extracted/worlds/papermario/ItemPool.py:120 F405 SpiritRequirements may be undefined, or defined from star imports
• /work/extracted/worlds/papermario/ItemPool.py:139 F405 ShuffleKootFavors may be undefined, or defined from star imports
• /work/extracted/worlds/papermario/ItemPool.py:141 F405 ShuffleKootFavors may be undefined, or defined from star imports
• /work/extracted/worlds/papermario/ItemPool.py:148 F405 ShuffleKootFavors may be undefined, or defined from star imports
• /work/extracted/worlds/papermario/ItemPool.py:155 F405 ShuffleLetters may be undefined, or defined from star imports
• /work/extracted/worlds/papermario/ItemPool.py:156 F405 ShuffleLetters may be undefined, or defined from star imports
• /work/extracted/worlds/papermario/ItemPool.py:158 F405 ShuffleLetters may be undefined, or defined from star imports
• /work/extracted/worlds/papermario/ItemPool.py:161 F405 ShuffleLetters may be undefined, or defined from star imports
• …and 10 more

poe — ✅ pass

Check	Status	Notes
fuzzer	✅ pass	success=10 failure=0 timeout=0 ignored=0 rom=0 real=0 total=10
bandit	❌ fail	1 issues(s), we should look it over.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 5.4MB / cap 250MB
rom	✅ pass	no illegal games here
net	⚠️ warn	1 top-level network module imports, these are probably ok, but check them out.
ruff	captured	95 lint findings

Findings

bandit

• /work/extracted/worlds/poe/data/scrape_act_areas.py:13 [B310/MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.

net

• worlds/poe/data/scrape_act_areas.py: top-level import urllib.request at line 6

ruff

• /work/extracted/worlds/poe/Items.py:1 F401 random imported but unused
• /work/extracted/worlds/poe/Items.py:6 F401 worlds.poe.PathOfExileWorld imported but unused
• /work/extracted/worlds/poe/Items.py:7 F401 worlds.poe.Options.PathOfExileOptions imported but unused
• /work/extracted/worlds/poe/Items.py:13 F401 worlds.poe.Locations imported but unused
• /work/extracted/worlds/poe/Items.py:14 F401 worlds.poe.Items imported but unused
• /work/extracted/worlds/poe/Items.py:105 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/poe/Items.py:113 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/poe/Items.py:124 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/poe/Items.py:132 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/poe/Items.py:143 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/poe/Items.py:151 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/poe/Items.py:164 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/poe/Items.py:172 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/poe/Items.py:180 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/poe/Locations.py:1 F401 json imported but unused
• …and 10 more

pokemon_crystal — ✅ pass

Check	Status	Notes
fuzzer	✅ pass	success=10 failure=0 timeout=0 ignored=0 rom=0 real=0 total=10
bandit	✅ pass	Bandit didn't make out with anything worth mentioning.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 2.3MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	167 lint findings

Findings

ruff

• /work/extracted/worlds/pokemon_crystal/init.py:1 F401 .client.PokemonCrystalClient imported but unused; consider removing, adding to __all__, or using a redundant alias
• /work/extracted/worlds/pokemon_crystal/init.py:2 F401 .world.PokemonCrystalWebWorld imported but unused; consider removing, adding to __all__, or using a redundant alias
• /work/extracted/worlds/pokemon_crystal/init.py:2 F401 .world.PokemonCrystalWorld imported but unused; consider removing, adding to __all__, or using a redundant alias
• /work/extracted/worlds/pokemon_crystal/init.py:2 F401 .world.PokemonCrystalSettings imported but unused; consider removing, adding to __all__, or using a redundant alias
• /work/extracted/worlds/pokemon_crystal/breeding.py:12 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/pokemon_crystal/breeding.py:17 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/pokemon_crystal/breeding.py:29 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/pokemon_crystal/breeding.py:57 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/pokemon_crystal/breeding.py:62 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/pokemon_crystal/breeding.py:71 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/pokemon_crystal/breeding.py:72 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/pokemon_crystal/breeding.py:75 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/pokemon_crystal/breeding.py:87 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/pokemon_crystal/client.py:406 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/pokemon_crystal/client.py:974 E701 Multiple statements on one line (colon)
• …and 10 more

rabi_ribi — ⚠️ warn

Check	Status	Notes
fuzzer	⚠️ warn	success=0 failure=0 timeout=0 ignored=10 rom=0 real=0 total=10
bandit	❌ fail	4 issues(s), we should look it over.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 0.9MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	613 lint findings

Findings

bandit

• /work/extracted/worlds/rabi_ribi/existing_randomizer/utility.py:157 [B307/MEDIUM] Use of possibly insecure function - consider using safer ast.literal_eval.
• /work/extracted/worlds/rabi_ribi/existing_randomizer/utility.py:163 [B307/MEDIUM] Use of possibly insecure function - consider using safer ast.literal_eval.
• /work/extracted/worlds/rabi_ribi/existing_randomizer/utility.py:450 [B324/HIGH] Use of weak MD5 hash for security. Consider usedforsecurity=False
• /work/extracted/worlds/rabi_ribi/existing_randomizer/utility.py:454 [B324/HIGH] Use of weak MD5 hash for security. Consider usedforsecurity=False

ruff

• /work/extracted/worlds/rabi_ribi/client/client.py:2 F401 ast imported but unused
• /work/extracted/worlds/rabi_ribi/client/client.py:108 E722 Do not use bare except
• /work/extracted/worlds/rabi_ribi/client/client.py:676 E722 Do not use bare except
• /work/extracted/worlds/rabi_ribi/data.py:171 E741 Ambiguous variable name: l
• /work/extracted/worlds/rabi_ribi/entrance_shuffle.py:56 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/rabi_ribi/entrance_shuffle.py:64 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/rabi_ribi/entrance_shuffle.py:126 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/rabi_ribi/entrance_shuffle.py:138 E711 Comparison to None should be cond is None
• /work/extracted/worlds/rabi_ribi/entrance_shuffle.py:138 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/rabi_ribi/existing_randomizer/allocation.py:1 E401 Multiple imports on one line
• /work/extracted/worlds/rabi_ribi/existing_randomizer/allocation.py:74 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/rabi_ribi/existing_randomizer/allocation.py:104 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/rabi_ribi/existing_randomizer/allocation.py:113 E701 Multiple statements on one line (colon)
• /work/extracted/worlds/rabi_ribi/existing_randomizer/allocation.py:122 E711 Comparison to None should be cond is None
• /work/extracted/worlds/rabi_ribi/existing_randomizer/allocation.py:122 E701 Multiple statements on one line (colon)
• …and 10 more

rotn — ✅ pass

Check	Status	Notes
fuzzer	✅ pass	success=10 failure=0 timeout=0 ignored=0 rom=0 real=0 total=10
bandit	✅ pass	Bandit didn't make out with anything worth mentioning.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 0.1MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	7 lint findings

Findings

ruff

• /work/extracted/worlds/rotn/RiftCollections.py:330 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/rotn/RiftCollections.py:334 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/rotn/RiftCollections.py:338 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/rotn/RiftCollections.py:342 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/rotn/datagen.py:8 F401 .items.SongData imported but unused
• /work/extracted/worlds/rotn/items.py:1 F401 typing.List imported but unused
• /work/extracted/worlds/rotn/test/test_filtering.py:2 F401 typing.List imported but unused

srb2 — ❌ fail

Check	Status	Notes
fuzzer	❌ fail	success=1 failure=9 timeout=0 ignored=0 rom=0 real=9 total=10
bandit	✅ pass	Bandit didn't make out with anything worth mentioning.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 0.7MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	74 lint findings

Findings

ruff

• /work/extracted/worlds/srb2/Client.py:3 F401 collections imported but unused
• /work/extracted/worlds/srb2/Client.py:8 F401 colorama imported but unused
• /work/extracted/worlds/srb2/Client.py:11 F401 functools imported but unused
• /work/extracted/worlds/srb2/Client.py:12 F401 warnings imported but unused
• /work/extracted/worlds/srb2/Client.py:18 E402 Module level import not at top of file
• /work/extracted/worlds/srb2/Client.py:19 E402 Module level import not at top of file
• /work/extracted/worlds/srb2/Client.py:19 F401 websockets imported but unused
• /work/extracted/worlds/srb2/Client.py:20 E402 Module level import not at top of file
• /work/extracted/worlds/srb2/Client.py:21 E402 Module level import not at top of file
• /work/extracted/worlds/srb2/Client.py:21 F401 struct imported but unused
• /work/extracted/worlds/srb2/Client.py:22 E402 Module level import not at top of file
• /work/extracted/worlds/srb2/Client.py:23 E402 Module level import not at top of file
• /work/extracted/worlds/srb2/Client.py:25 E402 Module level import not at top of file
• /work/extracted/worlds/srb2/Client.py:37 E402 Module level import not at top of file
• /work/extracted/worlds/srb2/Client.py:37 F401 MultiServer.CommandProcessor imported but unused
• …and 10 more

tloz_ph — ⚠️ warn

Check	Status	Notes
fuzzer	⚠️ warn	success=5 failure=5 timeout=0 ignored=0 rom=0 real=5 total=10
bandit	✅ pass	Bandit didn't make out with anything worth mentioning.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 3.4MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	1435 lint findings

Findings

ruff

• /work/extracted/worlds/tloz_ph/Client.py:1 F401 dataclasses imported but unused
• /work/extracted/worlds/tloz_ph/Client.py:5 F403 from .DSZeldaClient.DSZeldaClient import * used; unable to detect undefined names
• /work/extracted/worlds/tloz_ph/Client.py:11 F401 typing.Iterable imported but unused
• /work/extracted/worlds/tloz_ph/Client.py:14 F405 TYPE_CHECKING may be undefined, or defined from star imports
• /work/extracted/worlds/tloz_ph/Client.py:57 F541 f-string without any placeholders
• /work/extracted/worlds/tloz_ph/Client.py:76 F541 f-string without any placeholders
• /work/extracted/worlds/tloz_ph/Client.py:111 F405 PHAddr may be undefined, or defined from star imports
• /work/extracted/worlds/tloz_ph/Client.py:111 F405 PHAddr may be undefined, or defined from star imports
• /work/extracted/worlds/tloz_ph/Client.py:112 F405 PHAddr may be undefined, or defined from star imports
• /work/extracted/worlds/tloz_ph/Client.py:112 F405 PHAddr may be undefined, or defined from star imports
• /work/extracted/worlds/tloz_ph/Client.py:113 F405 PHAddr may be undefined, or defined from star imports
• /work/extracted/worlds/tloz_ph/Client.py:113 F405 PHAddr may be undefined, or defined from star imports
• /work/extracted/worlds/tloz_ph/Client.py:114 F405 PHAddr may be undefined, or defined from star imports
• /work/extracted/worlds/tloz_ph/Client.py:114 F405 PHAddr may be undefined, or defined from star imports
• /work/extracted/worlds/tloz_ph/Client.py:114 F405 PHAddr may be undefined, or defined from star imports
• …and 10 more

ultrakill — ⚠️ warn

Check	Status	Notes
fuzzer	⚠️ warn	success=0 failure=4 timeout=0 ignored=6 rom=0 real=4 total=10
bandit	✅ pass	Bandit didn't make out with anything worth mentioning.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 0.5MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	68 lint findings

Findings

ruff

• /work/extracted/worlds/ultrakill/Options.py:1 E401 Multiple imports on one line
• /work/extracted/worlds/ultrakill/Options.py:3 F401 Options.Visibility imported but unused
• /work/extracted/worlds/ultrakill/init.py:1 F401 json imported but unused
• /work/extracted/worlds/ultrakill/init.py:87 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/ultrakill/init.py:380 E711 Comparison to None should be cond is None
• /work/extracted/worlds/ultrakill/init.py:439 E711 Comparison to None should be cond is not None
• /work/extracted/worlds/ultrakill/init.py:440 E713 Test for membership should be not in
• /work/extracted/worlds/ultrakill/init.py:506 E713 Test for membership should be not in
• /work/extracted/worlds/ultrakill/init.py:572 E711 Comparison to None should be cond is None
• /work/extracted/worlds/ultrakill/test/test_levels.py:1288 F811 Redefinition of unused TestS7G2 from line 1278: TestS7G2 redefined here
• /work/extracted/worlds/ultrakill/test/test_levels.py:2198 F811 Redefinition of unused TestS12G8 from line 2188: TestS12G8 redefined here
• /work/extracted/worlds/ultrakill/test/test_levels.py:2618 F811 Redefinition of unused TestS14G8 from line 2608: TestS14G8 redefined here
• /work/extracted/worlds/ultrakill/test/test_levels.py:3038 F811 Redefinition of unused TestS17G8 from line 3028: TestS17G8 redefined here
• /work/extracted/worlds/ultrakill/test/test_levels.py:3348 F811 Redefinition of unused TestS17G100 from line 3338: TestS17G100 redefined here
• /work/extracted/worlds/ultrakill/test/test_options.py:64 E741 Ambiguous variable name: l
• …and 10 more

wl4 — ✅ pass

Check	Status	Notes
fuzzer	✅ pass	success=5 failure=0 timeout=0 ignored=5 rom=0 real=0 total=10
bandit	✅ pass	Bandit didn't make out with anything worth mentioning.
pip-audit	skipped	not run in the offline sandbox
size	✅ pass	a very reasonable 0.2MB / cap 250MB
rom	✅ pass	no illegal games here
net	✅ pass	Only network I see is the one I'm responding on.
ruff	captured	no lint findings

[karen-head-of-multiworld-qa]

Karen can't sign off yet — the isolated QA checks (fuzz/scan) did not pass. See Karen's review and the Isolated QA Checks comment for the breakdown.