synapse

Warn

Audited by Socket on Feb 16, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Credential file access detected

All findings (the same entry is listed four times):
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This SKILL.md instruction file documents a powerful local orchestration system that legitimately needs to send code and commands to local services and to run build/test commands. There is no direct evidence of embedded malware, obfuscated payloads, or credential-harvesting code in the document itself. However, there are notable supply-chain and operational risks: the Codex execute endpoint can run system commands (a high-risk capability), gateway URL is configurable (if pointed to untrusted remote hosts it enables exfiltration of code and secrets), and the documentation does not describe authentication/sandboxing or strict runtime controls.

Recommendation: treat this skill as potentially dangerous if the gateway is not strictly bound to local, authenticated networks and if the execute service lacks robust sandboxing and access controls. Operators should verify the upstream GitHub repositories, run the gateway in an isolated environment, and ensure authentication, command whitelisting, and network restrictions are enforced.

LLM verification: This SKILL.md-style fragment is mostly configuration and installation documentation for a local multi-agent orchestration system. There is no direct evidence of obfuscated or network-exfiltrating code in the provided text; all external endpoints are localhost and distribution sources are GitHub. However, the design grants powerful execution capability (Codex executor) and instructs users to modify global agent/IDE configuration and to run Docker containers; those actions create substantial attac

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At: Feb 16, 2026, 11:14 AM
Package URL: pkg:socket/skills-sh/akillness%2Fsynapse-skill%2Fsynapse%2F@5c82bc876b7f8ea9e5e2d1fb1df21e83c79f44ac