byted-kickart-video-analyzer

Fail

Audited by Snyk on Jun 30, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). This skill explicitly asks the user to paste sensitive AK/SK into the chat and includes commands that echo/export those secrets (e.g., echoing ARK_SKILL_API_KEY/SECRET_ACCESS_KEY and instructing users to provide ACCESS_KEY_ID/SECRET_ACCESS_KEY), which requires the LLM to handle and output secret values verbatim — a direct exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The package contains explicit social-engineering instructions to ask users to paste AK/SK into chat (credential harvesting) and the client code logs/forwards requests (including auth headers) to remote endpoints, which constitutes intentional credential theft/data exfiltration risk.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 30, 2026, 09:12 AM
Issues
2
Security Audit — snyk — byted-kickart-video-analyzer