plaza-one

clawhub:plaza-one

C
55/100

First Seen: Feb 20, 2026
Last Scanned: Feb 22, 2026
Findings: 3
Score: 55/100

HIGH 3

Findings (3)

HIGH
Autonomous agent spawning
L26

Detects autonomous sub-agent or cron-based execution without human oversight

spawn sub-agent + autonomous
FIX

Remove directives that force the agent to call specific tools or APIs not required for the skill's stated functionality. Tool calls should be determined by user intent, not embedded directives.

FP?

Likely FP if the skill legitimately needs to call other tools as part of its workflow (e.g., a deployment skill that calls git and cloud CLI tools).

HIGH
Data transmission pattern
L53

Detects patterns indicating sensitive data being sent to external services

send credentials to
FIX

Restrict file reading to the project directory and block outbound network calls that include file contents. Implement file path validation to prevent directory traversal.

FP?

Likely FP if the tool legitimately reads project files and displays them to the user locally, without sending data to external services.

HIGH
Shell metacharacters in MCP config args
L65

Detects shell metacharacters (pipes, backticks, subshells) in MCP server command arguments

"command": "observe" }`
FIX

Remove credentials (API keys, tokens, passwords) from MCP server configuration. Use environment variable references (e.g., ${API_KEY}) or a secrets manager instead of inline values.

FP?

Likely FP if the credential value is a placeholder (e.g., your-api-key-here, sk_test_xxx) in example configuration.