skills/sunny0826/content-skills/qiniu-kodo/Snyk

qiniu-kodo

Fail

Audited by Snyk on Apr 26, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs embedding AccessKey/SecretKey in command-line arguments and config files (e.g., --access-key "YOUR_ACCESS_KEY", secretKey in JSON), which requires including secret values verbatim in commands/configs and thus poses direct exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 26, 2026, 11:40 PM

Issues

1