zoom-meeting-admin
Audited by Snyk on Jun 5, 2026
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the provided Skill files for literal, high-entropy credentials. In .env.sample I found three high-entropy, random-looking values that are not obvious placeholders:
- ZOOM_ACCOUNT_ID=bQ60RYqgQjGGYX1BI67ExQ
- ZOOM_CLIENT_ID=f08M8T4LQtSuExP3VkrzTQ
- ZOOM_CLIENT_SECRET=eNvy78T2IJoOBxnIpfdqCKtAJirTIM2A
These strings look like real credentials (high entropy, not simple example words) and therefore meet the definition of a secret (especially the client secret). They are present in a sample .env file; even if intended as examples, they must be treated as sensitive and removed/rotated. I did not flag the ZOOM_USER_ID (service@uperform.cn) because it is an email/identifier rather than a secret, and I found no private key PEM blocks or active access tokens elsewhere in the repository.
If these values are real, they should be removed from the repository, replaced with clear placeholders (e.g., YOUR_CLIENT_SECRET), and rotated immediately.
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (2)
Secret detected in skill content (API keys, tokens, passwords).
Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).