liamg / traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Please add more explanations, maybe a way to test

BillDietrich opened this issue · comments

I ran the app (release v0.0.1, AMD) on Kubuntu 20.10. Without "-p", it finds nothing. With "-p", everything in bin at least is flagged as exploitable. I am left wondering what any of this means, and what I do/don't need to fix in my system.

I tried adding a dangerous file with 777 and SUID permissions to my /bin directory; traitor without "-p" didn't flag it as dangerous.

Perhaps you could add to the README: run without "-p", then if no threats found, create file SOMETHING with permissions NNN and run again without "-p", see it reported as a threat. Or some other simple example of a deliberate threat.

Perhaps you could add to each exploitable case: some brief indication of what is wrong. For example, when run with "-p", it says "man" is exploitable on my machine, and pops a root shell. But I am left with no reason why, or how to fix it. /bin/man seems to have proper permissions on my machine. Is the vulnerability elsewhere? How do I fix it? Is there any vulnerability at all?

Thanks.
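One way to produce the "why is this flagged" line the report asks for, as an added example that is not traitor's own code: a POSIX shell audit that lists set-uid/set-gid files under a directory and states which permission condition makes each one risky. The function name `audit_setid` and the reason labels are my own choices; it covers the file-permission case the reporter tried to construct (a 777 + SUID file) and does not evaluate sudo rules, which is a separate check.

```shell
#!/bin/sh
# audit_setid DIR: list set-uid/set-gid regular files under DIR and say why each is risky.
# Hypothetical helper written for this illustration, not part of traitor. Reasons reported:
#   world-writable  - anyone can replace the contents and inherit the owner's privileges
#   group-writable  - any member of the file's group can do the same
#   non-root-owner  - set-id to a non-root account is unusual and worth a look
audit_setid() {
  dir="$1"
  find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
  while IFS= read -r f; do
    reasons=""
    # Each probe re-tests only this file (-maxdepth 0) against one permission bit.
    [ -n "$(find "$f" -maxdepth 0 -perm -0002)" ] && reasons="$reasons world-writable"
    [ -n "$(find "$f" -maxdepth 0 -perm -0020)" ] && reasons="$reasons group-writable"
    [ -n "$(find "$f" -maxdepth 0 ! -user root)" ] && reasons="$reasons non-root-owner"
    if [ -n "$reasons" ]; then
      printf '%s: %s\n' "$f" "${reasons# }"
    else
      # Bit is set but ownership and mode look normal: any risk lies in what the binary
      # does (gtfobins-style behaviour) or in sudo rules, not in its permissions.
      printf '%s: set-id bit set, permissions look sane\n' "$f"
    fi
  done
}

# When run directly, audit the directory given as the first argument (e.g. /usr/bin).
if [ "$#" -gt 0 ]; then
  audit_setid "$1"
fi
```

Running it against a directory that contains a deliberately created `chmod 4777` file, as the reporter did, prints that file with the reason `world-writable`, while a normal set-uid binary owned by root prints as "permissions look sane".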