arkcli-auth
Fail
Audited by Snyk on Jul 1, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to accept a user-provided base64 SSO authorization code and run a CLI command embedding it verbatim (arkcli auth login --no-browser --code <授权码>), which requires the LLM to handle/output a secret value directly.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires using the Read tool at runtime to load ../arkcli-shared/SKILL.md, and that fetched file is a required dependency that directly controls authentication gating and agent prompt/decision behavior (../arkcli-shared/SKILL.md).
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata