critical
suspicious.exposed_secret_literal
- Location
- SKILL.md:32
- Finding
- File appears to expose a hardcoded API secret or token.
free-kameo
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.exposed_secret_literal, suspicious.potential_exfiltration
Findings (3)
critical
suspicious.exposed_secret_literal
- Location
- USAGE.md:9
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.potential_exfiltration
- Location
- scripts/generate_video.sh:57
- Finding
- Shell script base64-encodes a local file and sends it over the network.