skills/x-cmd/skill/moonshot/Snyk

moonshot

Fail

Audited by Snyk on Apr 10, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt instructs users to supply the Moonshot API key via commands like --cfg apikey=<key> (or init), which encourages embedding the secret verbatim in CLI arguments/outputs and thus risks exfiltration.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 10, 2026, 05:41 AM

Issues

1