Back to skill
Skillv0.1.0
Static analysis security
Skillboss · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 30, 2026, 5:09 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.4.5
Evidence
criticalscripts/api-hub.js:804
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/stripe-connect.js:112
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/api-hub.js:760
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/lib/client.js:70
Environment variable access combined with network send.
suspicious.env_credential_access
warnscripts/commands/pilot.js:47
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/lib/client.js:14
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/product-manager.js:38
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/serve-build.js:31
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/stripe-connect.js:28
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration