Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- scripts/wakapi-daily-summary.mjs:21
Security audit
Security checks across malware telemetry and agentic risk
This skill does what it says: it fetches daily Wakapi stats with a provided API key and writes three local CSV files to a user-chosen folder.
Install only if you are comfortable providing a Wakapi API key. Set WAKAPI_URL to a trusted Wakapi instance, preferably HTTPS, and use a dedicated WAKAPI_OUT_DIR because the script will create or replace its three named CSV files there.
66/66 vendors flagged this skill as clean.
Detected: suspicious.env_credential_access