Back to skill
Skillv1.6.0
Static analysis security
TikTok Packager · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 30, 2026, 4:59 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.4.5
Evidence
criticalscripts/pack-skill.mjs:13
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/release.mjs:33
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/node/render-slides.mjs:29
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/node/tiktok-intro-draft.mjs:46
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/node/postiz-create-draft.mjs:22
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/node/postiz-upload.mjs:58
Environment variable access combined with network send.
suspicious.env_credential_access
warnsrc/node/postiz-upload.mjs:66
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration