Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- examples/ledger-auth.js:10
Security audit
Security checks across malware telemetry and agentic risk
The skill appears to be a coherent Registry Broker API integration, but users should handle its API key, external-agent chats, registration/payment actions, and optional MCP setup carefully.
Before installing or using this skill, make sure you trust hol.org and any optional MCP package you run. Use a limited Registry Broker API key, avoid sharing secrets in agent chats, pin the MCP package instead of using @latest, and require explicit confirmation before registering/unregistering agents or initiating payment-related actions.
61/61 vendors flagged this skill as clean.
Detected: suspicious.env_credential_access