Back to skill
Skillv1.4.1
Static analysis security
Verdikta Bounties Onboarding · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
ReviewApr 30, 2026, 5:03 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.4.5
Evidence
criticalscripts/onboard.js:446
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/_lib.js:23
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/bot_register.js:8
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/bounty_worker_min.js:8
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/claim_bounty.js:36
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/create_bounty_min.js:33
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/create_bounty.js:133
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/onboard.js:19
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/preflight.js:38
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/submit_to_bounty.js:70
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/swap_eth_to_link_0x.js:22
Environment variable access combined with network send.
suspicious.env_credential_access
warnscripts/_lib.js:105
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/create_bounty.js:57
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/onboard.js:47
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/submit_to_bounty.js:216
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration