Skillv0.2.1

Static analysis security

phoenixclaw image gen · Deterministic local checks for risky code patterns and metadata mismatches.

SuspiciousApr 30, 2026, 5:03 AM

Summary: Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal
Reason codes: suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.exposed_secret_literal
Engine: v2.4.5

criticalscripts/cli/openrouter.js:121

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/adapters/openrouter.js:11

Environment variable access combined with network send.

suspicious.env_credential_access

criticalscripts/cli/openrouter.js:23

Environment variable access combined with network send.

suspicious.env_credential_access

criticalSKILL.md:80

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal