check-country-risk
Fail
Audited by Snyk on Jul 8, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly requires an API key to be sent in the X-WorldMonitor-Key header and even includes a literal API-key-like example (wm_0123456789abcdef...), which encourages embedding secrets verbatim in requests/commands.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). The file contains a literal, high-entropy API key-like value in the example header: "wm_0123456789abcdef0123456789abcdef01234567". This is not a generic placeholder (e.g., YOUR_API_KEY) nor a simple setup password — it appears to be a real API key format (prefix + long hex string) and therefore meets the definition of a secret. No other strings meet the secret criteria.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata