File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- SKILL.md:37
Security audit
Security checks across malware telemetry and agentic risk
This skill bundle uses powerful admin and observability tools, but the behavior is disclosed, task-focused, and gated by user credentials and confirmations.
Install only if you intend to give the agent operational access to these systems. Use least-privilege tokens, review destructive commands before approval, and be especially careful with Slack posting, ClawHub staff actions, production deploys, and Axiom/Grafana deletion commands.
63/63 vendors flagged this skill as clean.
Detected: suspicious.exposed_secret_literal