Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
Scientific Figure Analysis Pipeline
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No artifact-backed suspicious behavior was identified, but local artifact inspection could not be completed in this run.
This review is limited because the local artifact files could not be read during the run. Re-run the scan where metadata.json and artifact contents are accessible before relying on the result for installation.
Static analysis
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.