Skillv1.0.0

Static analysis security

Moria Skill · Deterministic local checks for risky code patterns and metadata mismatches.

ReviewMay 1, 2026, 4:22 PM

Summary: Detected: suspicious.dep_not_found_on_registry, suspicious.exposed_secret_literal, suspicious.potential_exfiltration
Reason codes: suspicious.dep_not_found_on_registrysuspicious.exposed_secret_literalsuspicious.potential_exfiltration
Engine: v2.4.22

criticalscripts/config.ts:23

File appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal

warnscripts/util/ipfs.ts:1

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

criticalDependency manifests:1

1 package(s) referenced in dependency files do not exist on their public registries: @moria/moria-sdk (npm)

suspicious.dep_not_found_on_registry