Back to skill
Skillv1.2.3
Static analysis security
Skill Dropshipping Fulfillment · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 30, 2026, 5:04 AM
- Summary
- Detected: suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.4.5
Evidence
criticalscripts/cj-api.js:8
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/fulfill.js:18
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/rebuild-mapping.js:19
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/woo-api.js:8
Environment variable access combined with network send.
suspicious.env_credential_access
warnscripts/cj-api.js:10
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/fulfill.js:41
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/rebuild-mapping.js:32
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/woo-api.js:11
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration