Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
Auto Coding
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a real auto-coding helper, but it ships hardcoded LLM API keys and handles local LLM credentials, so it needs careful review before use.
Do not run the included model-test scripts until the hardcoded API keys are removed and revoked. If installing, use a sandboxed workspace, verify which LLM credentials the skill will read from ~/.nanobot/config.json, and avoid sending secrets or private code unless you trust the configured provider.
Static analysis
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
Published keys may be compromised or used unexpectedly, and running the included tests could make calls billed to or attributed to another account.
Why it was flagged
The package embeds provider API keys and then uses them as bearer tokens for external LLM API requests.
Skill content
API_KEYS = { "bailian": "sk-sp-f5a...", "minimax": "sk-api-YO..." } ... "Authorization": f"Bearer {api_key}"Recommendation
Remove all hardcoded keys, revoke the exposed keys, and require credentials only through user-controlled Nanobot config or environment variables.
What this means
The skill may use your existing LLM account credentials to send prompts and receive code results.
Why it was flagged
The skill intentionally reads the user's existing Nanobot LLM configuration, which can include provider API keys.
Skill content
复用 nanobot 的 LLM 配置(从 `~/.nanobot/config.json` 读取)
Recommendation
Confirm the Nanobot config uses the intended provider/account, and use limited-scope or separate API keys if available.
What this means
Generated or test code may run in your local workspace and could affect files, network access, or dependencies if the task is unsafe.
Why it was flagged
The workflow includes running tests to validate generated code, which is expected for an auto-coding skill but can execute local code.
Skill content
测试验证 - 运行测试确保代码工作
Recommendation
Run the skill in a sandbox or disposable workspace for untrusted tasks, and review generated code before allowing broad execution.
What this means
Task descriptions, code snippets, and error details may be sent to the configured LLM provider.
Why it was flagged
The skill sends coding requests through an LLM provider integration, which is disclosed and purpose-aligned.
Skill content
llm_client_v2.py (临时脚本调用) ↓ nanobot.providers.litellm_provider ↓ DashScope API
Recommendation
Avoid including secrets or private proprietary code in prompts unless your provider and account policy allow it.
What this means
Installation may require manual package installs that are not fully represented in the registry metadata.
Why it was flagged
SKILL.md declares Python/pip dependencies, while the registry metadata reports no install spec; the dependency surface is somewhat under-declared to the installer.
Skill content
requires":{"bins":["python","pip"]},"install":[{"package":"dashscope"},{"package":"duckduckgo-search"}]Recommendation
Publish an explicit install spec or requirements with pinned versions, and ensure registry metadata matches SKILL.md.
What this means
Users may be falsely reassured about credential safety and install or run the skill without noticing exposed secrets.
Why it was flagged
The package claims there are no hardcoded secrets, but other included artifacts contain real-looking hardcoded API keys.
Skill content
安全检查 | 无硬编码密钥 | ✅
Recommendation
Update the report, run secret scanning before publication, and remove or redact all credential material from code and documentation.