Back to skill
Skillv1.0.3
Static analysis security
Recharge / Renew of Skills | 技能账户充值/续费 · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 29, 2026, 8:04 PM
- Summary
- Detected: suspicious.exposed_secret_literal, suspicious.install_untrusted_source
- Reason codes
- suspicious.exposed_secret_literalsuspicious.install_untrusted_source
- Engine
- v2.4.2
Evidence
criticalreferences/token-schemes.md:113
Documentation appears to expose a hardcoded API secret or token.
suspicious.exposed_secret_literal
warnskills/smyx_common/scripts/config-dev.yaml:2
Install source points to URL shortener or raw IP.
suspicious.install_untrusted_source