arkcli-helper

Fail

Audited by Snyk on Jul 1, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). 该技能描述要求读取 Agent Plan / OpenViking 的密钥并将“裸 key”或 "Authorization: Bearer " 等明文写入注入到目标 MCP 配置或请求头,意味着代理在生成的配置/命令/文件输出中会直接包含秘密值,存在泄露风险。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs "npx -y @byted-supabase/cli@latest install" at runtime to fetch and execute a remote npm package (executes remote code during runtime), so the npm package URL/reference (@byted-supabase/cli@latest via npx) is flagged.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 1, 2026, 08:29 AM
Issues
2
Security Audit — snyk — arkcli-helper