moviepilot-update
Fail
Audited by Snyk on May 10, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill includes an explicit example that configures the client by passing an API key on the command line (--apikey <API_TOKEN>), which encourages embedding secret values verbatim in commands and thus creates an exfiltration risk.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill instructs performing privileged state-changing operations (restart/upgrade) that require administrator authentication but uses the application API and does not ask the agent to escalate privileges, edit system files, or create users.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata