gzh-design

Fail

Audited by Snyk on Jul 10, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I found a long, random-looking query parameter value named "sealed_token=OSZCPLO_..." embedded in image/srcset URLs. That string is high-entropy and appears to be a sealed/access token passed to an external API (api.star-history.com). It is a literal credential-like value (not a placeholder or redaction), so it meets the definition of a secret.

Other strings in the repo (hex color codes, usernames like zuiyn_soul, QR image URLs, example file paths, badges, and documentation placeholders) are low-entropy or clearly non-secret and were ignored per the rules.

Issues (1)

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 10, 2026, 01:09 AM
Issues
1
Security Audit — snyk — gzh-design