Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
Security Auditor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only security review skill, and the reported secret finding appears to be an illustrative bad-code example rather than a real exposed credential.
This skill appears safe to install as an instruction-only security-auditing aid. The scanner warning looks like a false positive caused by an example of insecure password handling used for educational review guidance.
SkillSpector
By NVIDIA
SkillSpector findings are pending for this release.
Static analysis
VirusTotal
62/62 vendors flagged this skill as clean.