skills/zai-org/glm-skills/glmocr-sdk/Snyk

glmocr-sdk

Fail

Audited by Snyk on Apr 16, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs embedding API keys (e.g., export ZHIPU_API_KEY=sk-xxx, --api-key sk-xxx, api_key="sk-xxx") and CLI examples that require the LLM/agent to include secret values verbatim, creating exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 16, 2026, 02:45 AM

Issues

1

Security Audit — snyk — glmocr-sdk