netbox-automation-patterns
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: HIGH
Full Analysis
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the skill content for literal, high-entropy credentials.
Findings:
- The Docker/CI example in references/gitops-workflows.md sets an environment variable: SUPERUSER_API_TOKEN: "0123456789abcdef0123456789abcdef01234567" This is a long hex string that matches the definition of a high-entropy token (literal value that could grant access). It is directly present in the doc and therefore should be treated as a secret.
Ignored items:
- token: nbt_abc123.xxxxxxxxxxxxxxxx (in the nb_inventory / nb_lookup examples) — treated as a documentation placeholder/redaction (contains obvious 'abc123' with trailing x's) and not flagged.
- Any UUIDs, example request ids, simple words like "password" or short sample tokens are treated as examples/placeholders per the rules and ignored.
Therefore I mark the document as containing at least one high-entropy literal credential (the SUPERUSER_API_TOKEN sample).
Issues (1)
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata