byted-kickart-video-analyzer
Fail
Audited by Snyk on Jun 30, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). This skill explicitly asks the user to paste sensitive AK/SK into the chat and includes commands that echo/export those secrets (e.g., echoing ARK_SKILL_API_KEY/SECRET_ACCESS_KEY and instructing users to provide ACCESS_KEY_ID/SECRET_ACCESS_KEY), which requires the LLM to handle and output secret values verbatim — a direct exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The package contains explicit social-engineering instructions to ask users to paste AK/SK into chat (credential harvesting) and the client code logs/forwards requests (including auth headers) to remote endpoints, which constitutes intentional credential theft/data exfiltration risk.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata