moviepilot-update

Fail

Audited by Snyk on May 10, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill includes an explicit example that configures the client by passing an API key on the command line (--apikey <API_TOKEN>), which encourages embedding secret values verbatim in commands and thus creates an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill instructs performing privileged state-changing operations (restart/upgrade) that require administrator authentication but uses the application API and does not ask the agent to escalate privileges, edit system files, or create users.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
May 10, 2026, 12:52 AM
Issues
2
Security Audit — snyk — moviepilot-update