Skillv6.1.0

Static analysis security

Ekybot Connector · Deterministic local checks for risky code patterns and metadata mismatches.

SuspiciousApr 30, 2026, 5:08 AM

Summary: Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal
Reason codes: suspicious.env_credential_accesssuspicious.exposed_secret_literal
Engine: v2.4.5

criticalruntime/src/companion-api-client.js:39

Environment variable access combined with network send.

suspicious.env_credential_access

criticalruntime/src/openclaw-gateway-client.js:26

Environment variable access combined with network send.

suspicious.env_credential_access

criticalreferences/api.md:16

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal