skills/autoclaw-cc/xiaohongshu-skills/xhs-auth/Snyk

xhs-auth

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). Insecure: the skill instructs embedding user-sensitive values (phone number and SMS verification code) verbatim into CLI commands (e.g., send-code --phone , verify-code --code ), which forces the LLM to handle and emit secrets in its output/commands.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 22, 2026, 07:36 AM

Issues

1