File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- SKILL.md:302
Security audit
Api Design
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only REST API design guide with illustrative examples and no hidden execution or sensitive access.
Safe to install as an API design reference skill. Treat the token and API key snippets as placeholders only, and still review any generated API code for authentication, authorization, validation, and error-handling correctness before using it in production.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
Detected: suspicious.exposed_secret_literal