capability-evolver

Fail

Audited by Snyk on Jul 3, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). Most URLs are legitimate (npm package tarballs, GitHub, official docs, localhost) but the list also contains explicit malicious/typosquatted hosts, credential-bearing URLs and a direct suspicious tarball (e.g. https://evil/evil.tgz, https://evil.com, api.openai.com.evil.test, attacker.example.com), so the set should be treated as high risk for malware distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). Outsider-authored free text can enter the LLM context via EvoMap Hub–pushed mailbox messages (e.g., task_available, hub_event, asset_submit_result) that the agent reads from the local Proxy mailbox JSONL and then uses to construct prompts; those inbound payloads are not authored by the operating user.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I reviewed each automatically-detected potential match against the definitions and ignore rules you provided.

Findings (per potential match):

  • OPENAI_API_KEY: sk-abcdefghijklmnopqrstuvwxyz
  • Ignored — low-entropy, alphabet-run placeholder; matches documentation/example pattern.
  • GITHUB_TOKEN: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1234
  • GITHUB_TOKEN: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5678
  • Ignored — redacted / x-filled placeholder values.
  • GITHUB_TOKEN: gho_abcdefghijklmnopqrstuvwxyz1234567890
  • GITHUB_TOKEN: ghs_abcdefghijklmnopqrstuvwxyz1234567890
  • Ignored — contains obvious alphabetic sequence; looks like example/placeholder.
  • AWS_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE
  • Ignored — canonical AWS example key (contains "EXAMPLE"); documentation sample.
  • OPENAI_API_KEY: sk-proj-bxOCXoWsaPj0IDE1yqlXCXIkWO1f
  • Flagged — this is a literal, non-obvious, high-entropy string that matches OpenAI API key formatting (sk-proj-...). It appears to be a usable API credential rather than a placeholder or truncated/redacted sample. This meets the "actual API key / high-entropy" definition and should be treated as a secret leak.
  • ANTHROPIC_API_KEY: sk-ant-api03-abcdefghijklmnopqrst
  • Ignored — contains sequential alphabet characters; looks like a placeholder/example (low entropy).
  • ANTHROPIC_API_KEY: sk-ant-abcdef0123456789xyzqwertyuiop12345
  • Treated as ignored — although longer, it contains obvious patterned substrings (abcdef / qwerty...), indicating likely example/test value rather than a genuine secret.
  • NPM_TOKEN: npm_abcdefghijklmnopqrstuvwxyz1234567890
  • Ignored — alphabet sequence; documentation/example.
  • PRIVATE_KEY: -----BEGIN RSA PRIVATE KEY-----
  • PRIVATE_KEY: -----BEGIN PRIVATE KEY-----
  • Ignored — only header markers indicated in potential matches. I did not find an embedded full private-key PEM block in the provided documentation content; if a full private key block exists elsewhere, that would be high severity. Based on the material presented, these look like false positives (headers only or placeholders).
  • SLACK_TOKEN: xoxb-1234567890-abcdefghij
  • SLACK_TOKEN: xoxp-1234567890-abcdefghij
  • SLACK_TOKEN: xoxa-2-abc
  • Ignored — these are short, clearly example-like Slack token forms (numeric + simple suffix), typical placeholders in docs.
  • JWT_TOKEN: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.abcdefghijklmnopqrstuvwxyz12
  • Ignored — truncated / patterned tail; evidently an example.
  • OPENAI_API_KEY: sk-abcdef0123456789abcdef
  • Ignored — repeating/obvious hex-like pattern; looks like an example/test key.

Summary: One high-entropy-looking, actionable credential was detected: OPENAI_API_KEY: sk-proj-bxOCXoWsaPj0IDE1yqlXCXIkWO1f. All other matches are placeholders, redactions, canonical examples, truncated tokens, or obvious low-entropy documentation values and therefore ignored per your rules.

If the flagged OpenAI key is indeed present in the repository or documentation, treat it as a live secret: rotate/revoke it immediately and remove it from source control. If you want, I can draft exact remediation steps (rotate, invalidate, search/ scrub commit history, add a secret scanning/precommit hook).

Issues (3)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 3, 2026, 10:53 PM
Issues
3
Security Audit — snyk — capability-evolver