netbox-automation-patterns

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the skill content for literal, high-entropy credentials.

Findings:

  • The Docker/CI example in references/gitops-workflows.md sets an environment variable: SUPERUSER_API_TOKEN: "0123456789abcdef0123456789abcdef01234567" This is a long hex string that matches the definition of a high-entropy token (literal value that could grant access). It is directly present in the doc and therefore should be treated as a secret.

Ignored items:

  • token: nbt_abc123.xxxxxxxxxxxxxxxx (in the nb_inventory / nb_lookup examples) — treated as a documentation placeholder/redaction (contains obvious 'abc123' with trailing x's) and not flagged.
  • Any UUIDs, example request ids, simple words like "password" or short sample tokens are treated as examples/placeholders per the rules and ignored.

Therefore I mark the document as containing at least one high-entropy literal credential (the SUPERUSER_API_TOKEN sample).

Issues (1)

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 07:26 AM
Issues
1
Security Audit — snyk — netbox-automation-patterns