Skillv1.0.5

Static analysis security

tmrland-personal-demo · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

SuspiciousApr 30, 2026, 5:04 AM

Summary: Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal
Reason codes: suspicious.env_credential_accesssuspicious.exposed_secret_literal
Engine: v2.4.5

Evidence

criticalscripts/_lib.mjs:6

Environment variable access combined with network send.

suspicious.env_credential_access

criticalreferences/api-keys-api.md:75

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal

criticalreferences/apparatus-api.md:255

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal

criticalreferences/contracts-api.md:31

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal

criticalreferences/intentions-api.md:83

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal

criticalreferences/messages-api.md:28

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal

criticalreferences/notifications-api.md:29

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal

criticalreferences/reviews-api.md:88

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal

criticalreferences/user-api.md:23

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal

criticalreferences/wallet-api.md:23

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal