File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- SKILL.md:35
Security audit
Security checks across malware telemetry and agentic risk
This skill is a straightforward Google Shopping API guide that requires a user-provided Scavio API key and does not install code or add persistence.
Install only if you intend to use Scavio's Google Shopping API. You will need to provide your own SCAVIO_API_KEY, and each endpoint call consumes credits, so review Scavio pricing and avoid broad store pagination unless you want the extra usage.
64/64 vendors flagged this skill as clean.
Detected: suspicious.exposed_secret_literal