dashi-ppt

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the skill files for literal, high-entropy credentials. I found a base64-like token embedded as the xsec_token query parameter in a Xiaohongshu profile URL. This value (ABrZskc1MUcZWWuuMx7Fw52HYKSmhrHM2leT3iiPnMmG8=) is not a documentation placeholder and appears to be a real, high-entropy token (URL-encoded in the file). That meets the secret definition (usable token-like credential) and should be treated as sensitive.

No other high-entropy API keys, private keys, or similar secrets were present. Other values (e.g., simple example strings, port numbers, environment variable names, registry URL) are documentation/configuration and were ignored per the rules.

Issues (1)

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 16, 2026, 11:34 AM
Issues
1
Security Audit — snyk — dashi-ppt