010107-code-quality
Fail
Audited by Snyk on Jul 8, 2026
Risk Level: HIGH
Full Analysis
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the documentation for literal credential values. The only high-entropy-looking, literal credential present is the API key string in references/security.md: const apiKey = 'sk-1234567890abcdef'; this matches an API-key pattern (sk-) and is not a generic placeholder like YOUR_API_KEY or sk-xxxx, so I flag it as a potential hardcoded secret.
I am ignoring other values:
- postgresql://user:pass@localhost (same code block) — low-entropy, clearly an illustrative username/password (“user”/“pass”), treated as a documentation example and not flagged.
- Example passwords and emails elsewhere (e.g., 'password', admin@example.com) — low-entropy or explicit examples, so ignored per the rules. No redaction markers like REDACTED_SECRET_... are present.
Issues (1)
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata