Skills
skills/fabioc-aloha/windowswidget/text-to-speech/Snyk

text-to-speech

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The document contains a high-entropy token in the WebSocket endpoint example:

wss://.../readaloud/edge/v1 ?TrustedClientToken=6A5AA1D4EAFF4E9FB37E23D68491D6F4

This 32-character hex-like value appears to be a real, literal credential (high entropy, not a placeholder) and thus meets the definition of a secret. Other items in the skill (e.g., ConnectionId=[UUID], voice IDs, example commands, simple example passwords) are placeholders or low-entropy/obvious examples and are ignored per the rules.

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 03:56 AM