Skills
skills/cline/skills/cosmosdb-best-practices/Snyk

cosmosdb-best-practices

Fail

Audited by Snyk on Jun 19, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the skill content for literal, high-entropy credentials. I found the well-known Azure Cosmos DB Emulator master key value:

C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==

It appears verbatim in rules/sdk-emulator-ssl.md (labelled "Well-known emulator key") and is used in multiple emulator examples (.NET, Python, Node.js, Java). This is a high-entropy literal that functions as an authentication token for the local Cosmos DB Emulator. Note: other values in the doc are placeholders (e.g., "connectionString", "", "HOST", "MASTER_KEY") or configuration flags and were ignored per the false-positive rules.

Issues (1)

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 19, 2026, 12:27 PM
Issues
1
Security Audit — snyk — cosmosdb-best-practices