byted-kickart-saliency-segmenter
Fail
Audited by Snyk on Jul 4, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). 该技能明确要求用户在聊天中提供 ACCESS_KEY_ID/SECRET_ACCESS_KEY 并将其明文插入 export/echo 等命令(以及通过 echo 打印环境变量),会导致密钥在模型交互和输出中被明文暴露,属于高风险不安全处理。
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The package includes explicit social-engineering instructions to ask users to paste ACCESS_KEY_ID/SECRET_ACCESS_KEY in chat, and the code logs Authorization headers/bodies to disk while sending data to external endpoints — indicating deliberate credential harvesting and potential data exfiltration.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata