dashi-ppt
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the skill files for literal, high-entropy credentials. I found a base64-like token embedded as the xsec_token query parameter in a Xiaohongshu profile URL. This value (ABrZskc1MUcZWWuuMx7Fw52HYKSmhrHM2leT3iiPnMmG8=) is not a documentation placeholder and appears to be a real, high-entropy token (URL-encoded in the file). That meets the secret definition (usable token-like credential) and should be treated as sensitive.
No other high-entropy API keys, private keys, or similar secrets were present. Other values (e.g., simple example strings, port numbers, environment variable names, registry URL) are documentation/configuration and were ignored per the rules.
Issues (1)
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata