Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
fadada-document-sign
Security checks across static analysis, malware telemetry, and agentic risk
Overview
I could not read the workspace artifacts because the local execution sandbox failed, and the supplied VirusTotal status is pending rather than evidence of harm.
This result is low confidence because the local files could not be inspected; do not rely on the pending VirusTotal status alone as evidence of risk.
Static analysis
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.