Credential Access
High
- Category
- Privilege Escalation
- Content
# 方式一:环境变量(推荐,一次配置永久生效) export JUHE_IMAGE_KEY=你的AppKey # 方式二:.env 文件(在脚本目录创建) echo "JUHE_IMAGE_KEY=你的AppKey" > scripts/.env # 方式三:每次命令行传入
- Confidence
- 83% confidence
- Finding
- .env
Security audit
Security checks across malware telemetry and agentic risk
The skill appears to be a normal API-backed image generation helper, with some credential-handling hygiene risks users should manage.
Prefer setting JUHE_IMAGE_KEY as an environment variable or through a secret manager. Avoid passing the key on the command line, do not commit scripts/.env, and restrict file permissions if you choose to use a .env file.
# 方式一:环境变量(推荐,一次配置永久生效) export JUHE_IMAGE_KEY=你的AppKey # 方式二:.env 文件(在脚本目录创建) echo "JUHE_IMAGE_KEY=你的AppKey" > scripts/.env # 方式三:每次命令行传入
export JUHE_IMAGE_KEY=你的AppKey # 方式二:.env 文件(在脚本目录创建) echo "JUHE_IMAGE_KEY=你的AppKey" > scripts/.env # 方式三:每次命令行传入 python scripts/image_generate.py --key 你的AppKey "一只猫咪在草地上玩耍"
64/64 vendors flagged this skill as clean.
No suspicious patterns detected.