Skillv1.1.0

Static analysis security

Whoop Skill · Deterministic local checks for risky code patterns and metadata mismatches.

ReviewApr 30, 2026, 4:54 AM

Summary: Detected: suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes: suspicious.env_credential_accesssuspicious.potential_exfiltration
Engine: v2.4.5

criticalsrc/auth/oauth.ts:13

Environment variable access combined with network send.

suspicious.env_credential_access

criticalsrc/auth/tokens.ts:59

Environment variable access combined with network send.

suspicious.env_credential_access

warnsrc/auth/tokens.ts:1

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration