Back to skill
Skillv2.0.1
Static analysis security
Okki Sync Mail · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
ReviewApr 30, 2026, 5:26 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration (+1 more)
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltrationsuspicious.prompt_injection_instructions
- Engine
- v2.4.5
Evidence
criticalauto-capture.js:88
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalkb-retrieval.js:29
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalokki-sync.js:65
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/smtp-wrapper.js:45
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalauto-capture.js:18
Environment variable access combined with network send.
suspicious.env_credential_access
criticalintegration-test.js:57
Environment variable access combined with network send.
suspicious.env_credential_access
criticalintent-recognition.js:116
Environment variable access combined with network send.
suspicious.env_credential_access
criticalreply-generation.js:184
Environment variable access combined with network send.
suspicious.env_credential_access
criticalreply-generator.js:64
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/imap.js:16
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/smtp.js:28
Environment variable access combined with network send.
suspicious.env_credential_access
criticaltest-read.js:8
Environment variable access combined with network send.
suspicious.env_credential_access
warnintegration-test.js:255
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnintent-recognition.js:19
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnreply-generation.js:145
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnreply-generator.js:22
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/smtp.js:493
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnSKILL.md:30
Prompt-injection style instruction pattern detected.
suspicious.prompt_injection_instructions