B 85/100
First Seen: Feb 19, 2026
Last Scanned: Feb 22, 2026
Findings: 2
Score: 85/100
HIGH: 1
LOW: 1
Findings (2)
HIGH
AWS access key
L149 Detects AWS access key IDs
AKIAIOSFODNN7EXAMPLE
FIX
Remove the AWS access key from the skill definition and use environment variables or IAM roles instead. Rotate the exposed key immediately via the AWS console.
FP?
Likely FP if the matched string is a placeholder (e.g., AKIAEXAMPLE), a documentation example, or a test fixture key that is not valid.
LOW
pip install arbitrary package
L48 Detects pip install of arbitrary packages that modify the host environment
pip install cl
FIX
Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.
FP?
Likely FP if the match is in documentation showing how to install the skill's own PyPI package.