skills/volcengine/volcengine-skills/volcengine-vefaas/Snyk

volcengine-vefaas

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and recommends using command-line flags with raw credentials (vefaas login --accessKey --secretKey and veafas env set KEY VALUE), which requires embedding secret values verbatim in commands and is a direct exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Jun 13, 2026, 07:13 AM

Issues

1

Security Audit — snyk — volcengine-vefaas