skills/aaaaqwq/claude-code-skills/tianyancha-cn/Snyk

tianyancha-cn

Fail

Audited by Snyk on May 19, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 0.80). The prompt shows examples that embed API tokens directly (e.g., curl -H "Authorization: YOUR_TOKEN" and instantiating Tianyancha(API_KEY)), which encourages including secret values verbatim in commands/code and thus creates an exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

May 19, 2026, 04:32 PM

Issues

1

Security Audit — snyk — tianyancha-cn