Security已验证

High risk

cc-skill-security-review

Critical signals were detected and installation should be handled carefully.

40/100

1high2medium

修复建议

⛔ 得分 40/100 — 此技能存在严重风险。需要手动审计。

检测到的风险3

Hardcoded Secrethigh

hardcoded_secret

Potentially hardcoded secret

Line 29

Snippets

L29const apiKey = "sk-proj-xxxxx" // Hardcoded secret

L30const dbPassword = "password123" // In source code

L29const apiKey = "sk-proj-xxxxx" // Hardcoded secret

L30const dbPassword = "password123" // In source code

Network Callmedium

network_call

Outbound network call

Line 432

Snippets

L432 const response = await fetch('/api/protected')

L438 const response = await fetch('/api/admin', {

L446 const response = await fetch('/api/users', {

L456 fetch('/api/endpoint')

L432 const response = await fetch('/api/protected')

Env Accessmedium

env_access

Environment variable access

Line 35

Snippets

L35const apiKey = process.env.OPENAI_API_KEY

L36const dbUrl = process.env.DATABASE_URL

L35const apiKey = process.env.OPENAI_API_KEY

L36const dbUrl = process.env.DATABASE_URL

Voir les risques detectes

Connectez-vous pour consulter l'analyse detaillee des risques.

$npx agentfend install cmn92q2xj00s7u1ip7u68n9g5

Trust Score

52trust

⭐ 2.8万🍴 4667

Updated 2周前

分析时间

2026年3月31日 15:58

+ 2 previous scans

兼容

AGAntigravity

Skill details

Trust score

52/100

GitHub

Connected

Stars

2.8万

Forks

4667

Updated 2周前

分析时间 2026年3月31日 15:58

说明

"This skill ensures all code follows security best practices and identifies potential vulnerabilities. Use when implementing authentication or authorization, handling user input or file uploads, or creating new API endpoints."

查看源码