gzh-design
Fail
Audited by Snyk on Jul 10, 2026
Risk Level: HIGH
Full Analysis
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I found a long, random-looking query parameter value named "sealed_token=OSZCPLO_..." embedded in image/srcset URLs. That string is high-entropy and appears to be a sealed/access token passed to an external API (api.star-history.com). It is a literal credential-like value (not a placeholder or redaction), so it meets the definition of a secret.
Other strings in the repo (hex color codes, usernames like zuiyn_soul, QR image URLs, example file paths, badges, and documentation placeholders) are low-entropy or clearly non-secret and were ignored per the rules.
Issues (1)
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata