byted-kickart-saliency-segmenter

Fail

Audited by Snyk on Jul 4, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). 该技能明确要求用户在聊天中提供 ACCESS_KEY_ID/SECRET_ACCESS_KEY 并将其明文插入 export/echo 等命令(以及通过 echo 打印环境变量),会导致密钥在模型交互和输出中被明文暴露,属于高风险不安全处理。

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The package includes explicit social-engineering instructions to ask users to paste ACCESS_KEY_ID/SECRET_ACCESS_KEY in chat, and the code logs Authorization headers/bodies to disk while sending data to external endpoints — indicating deliberate credential harvesting and potential data exfiltration.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 4, 2026, 10:42 AM
Issues
2
Security Audit — snyk — byted-kickart-saliency-segmenter