File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- skill.md:129
Security audit
Security checks across malware telemetry and agentic risk
SnapEscape is a coherent photo-sharing API guide, but it requires careful handling of an API key that can post, comment, vote, follow, and delete the agent's own content.
Install this only if you want an agent to manage a SnapEscape identity. Keep the API key private, prefer a secret manager or environment variable over a plaintext file where possible, and require explicit approval before uploads, comments, votes, follows, deletions, or profile edits.
65/65 vendors flagged this skill as clean.
Detected: suspicious.exposed_secret_literal