capability-evolver
Audited by Snyk on Jul 3, 2026
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Most URLs are legitimate (npm package tarballs, GitHub, official docs, localhost) but the list also contains explicit malicious/typosquatted hosts, credential-bearing URLs and a direct suspicious tarball (e.g. https://evil/evil.tgz, https://evil.com, api.openai.com.evil.test, attacker.example.com), so the set should be treated as high risk for malware distribution.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). Outsider-authored free text can enter the LLM context via EvoMap Hub–pushed mailbox messages (e.g.,
task_available,hub_event,asset_submit_result) that the agent reads from the local Proxy mailbox JSONL and then uses to construct prompts; those inbound payloads are not authored by the operating user.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I reviewed each automatically-detected potential match against the definitions and ignore rules you provided.
Findings (per potential match):
- OPENAI_API_KEY: sk-abcdefghijklmnopqrstuvwxyz
- Ignored — low-entropy, alphabet-run placeholder; matches documentation/example pattern.
- GITHUB_TOKEN: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1234
- GITHUB_TOKEN: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5678
- Ignored — redacted / x-filled placeholder values.
- GITHUB_TOKEN: gho_abcdefghijklmnopqrstuvwxyz1234567890
- GITHUB_TOKEN: ghs_abcdefghijklmnopqrstuvwxyz1234567890
- Ignored — contains obvious alphabetic sequence; looks like example/placeholder.
- AWS_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE
- Ignored — canonical AWS example key (contains "EXAMPLE"); documentation sample.
- OPENAI_API_KEY: sk-proj-bxOCXoWsaPj0IDE1yqlXCXIkWO1f
- Flagged — this is a literal, non-obvious, high-entropy string that matches OpenAI API key formatting (sk-proj-...). It appears to be a usable API credential rather than a placeholder or truncated/redacted sample. This meets the "actual API key / high-entropy" definition and should be treated as a secret leak.
- ANTHROPIC_API_KEY: sk-ant-api03-abcdefghijklmnopqrst
- Ignored — contains sequential alphabet characters; looks like a placeholder/example (low entropy).
- ANTHROPIC_API_KEY: sk-ant-abcdef0123456789xyzqwertyuiop12345
- Treated as ignored — although longer, it contains obvious patterned substrings (abcdef / qwerty...), indicating likely example/test value rather than a genuine secret.
- NPM_TOKEN: npm_abcdefghijklmnopqrstuvwxyz1234567890
- Ignored — alphabet sequence; documentation/example.
- PRIVATE_KEY: -----BEGIN RSA PRIVATE KEY-----
- PRIVATE_KEY: -----BEGIN PRIVATE KEY-----
- Ignored — only header markers indicated in potential matches. I did not find an embedded full private-key PEM block in the provided documentation content; if a full private key block exists elsewhere, that would be high severity. Based on the material presented, these look like false positives (headers only or placeholders).
- SLACK_TOKEN: xoxb-1234567890-abcdefghij
- SLACK_TOKEN: xoxp-1234567890-abcdefghij
- SLACK_TOKEN: xoxa-2-abc
- Ignored — these are short, clearly example-like Slack token forms (numeric + simple suffix), typical placeholders in docs.
- JWT_TOKEN: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.abcdefghijklmnopqrstuvwxyz12
- Ignored — truncated / patterned tail; evidently an example.
- OPENAI_API_KEY: sk-abcdef0123456789abcdef
- Ignored — repeating/obvious hex-like pattern; looks like an example/test key.
Summary: One high-entropy-looking, actionable credential was detected: OPENAI_API_KEY: sk-proj-bxOCXoWsaPj0IDE1yqlXCXIkWO1f. All other matches are placeholders, redactions, canonical examples, truncated tokens, or obvious low-entropy documentation values and therefore ignored per your rules.
If the flagged OpenAI key is indeed present in the repository or documentation, treat it as a live secret: rotate/revoke it immediately and remove it from source control. If you want, I can draft exact remediation steps (rotate, invalidate, search/ scrub commit history, add a secret scanning/precommit hook).
Issues (3)
Suspicious download URL detected in skill instructions.
Third-party content exposure detected (indirect prompt injection risk).
Secret detected in skill content (API keys, tokens, passwords).