Credential Access
High
- Category
- Privilege Escalation
- Content
DIR="$(cd "$(dirname "$0")" && pwd)" # 读取 .env if [ -f "$DIR/.env" ]; then set -a . "$DIR/.env" set +a
- Confidence
- 89% confidence
- Finding
- .env"
Security audit
Security checks across malware telemetry and agentic risk
The skill is a small Discord webhook helper whose file access and network call are disclosed and limited to sending a user-provided message to a configured Discord webhook.
Install only if you are comfortable storing a Discord webhook URL in the skill's local .env file and sending messages through that webhook. Keep the .env file private and trusted because this implementation sources it as shell code; do not use a .env file from an untrusted source.
DIR="$(cd "$(dirname "$0")" && pwd)" # 读取 .env if [ -f "$DIR/.env" ]; then set -a . "$DIR/.env" set +a
64/64 vendors flagged this skill as clean.
No suspicious patterns detected.