pp-tidycal

Fail

Audited by Snyk on Jun 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs using a CLI command that embeds an API token as a command-line argument ("tidycal-pp-cli auth set-token YOUR_TOKEN_HERE"), which would require the LLM/agent to handle and output the secret verbatim (high exfiltration risk).

Issues (1)

W007
HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 16, 2026, 07:25 PM
Issues
1
Security Audit — snyk — pp-tidycal