arkcli-helper
Fail
Audited by Snyk on Jul 1, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). 该技能描述要求读取 Agent Plan / OpenViking 的密钥并将“裸 key”或 "Authorization: Bearer " 等明文写入注入到目标 MCP 配置或请求头,意味着代理在生成的配置/命令/文件输出中会直接包含秘密值,存在泄露风险。
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs "npx -y @byted-supabase/cli@latest install" at runtime to fetch and execute a remote npm package (executes remote code during runtime), so the npm package URL/reference (@byted-supabase/cli@latest via npx) is flagged.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata