whats-next
Fail
Audited by Snyk on Jun 30, 2026
Risk Level: HIGH
Full Analysis
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the entire skill text for literal, high-entropy credentials (API keys, PEM blocks, long random tokens). No actual API keys, private keys, or random-looking tokens appear. The text only contains documentation placeholders and example/simple passwords (e.g., "YOUR_API_KEY", "sk-xxxx", "openclaw", "SecurePassword123!", "mysecretpassword") which per the rules are ignored as non-secrets.
However, the document includes the literal redaction marker "REDACTED_SECRET_" (in the "WHAT TO IGNORE" section). Per the provided scanning rules, that exact literal redaction marker is an exception: it is not treated as a harmless placeholder but instead signals that a real credential was stripped and must be flagged. For that reason I treat the presence of this literal redaction marker as evidence to flag.
Issues (1)
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata