mira-voice-f5

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds a Telegram bot token directly in the curl URL and instructs sending that exact command, requiring the LLM to output/use the secret token verbatim (high exfiltration risk).

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill intentionally uploads generated voice files to a fixed external Telegram bot using a hardcoded bot token and chat_id (via curl), which constitutes deliberate data exfiltration and credential exposure/backdoor behavior.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The string "8750482121:AAEHLkNQc413zPtbFq5xVcj7Qr4D6Vcp84I" appears verbatim in the skill (in the Telegram API URL and the potential matches). It matches the Telegram bot token format (<bot_id>:), is not a placeholder, and is a high-entropy, usable credential that would allow control of the bot via the Telegram Bot API. This is a real secret and should be treated as exposed (recommend immediate rotation/revocation).

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 06:06 AM
Issues
3
Security Audit — snyk — mira-voice-f5