py-exfil
Fail
Audited by Socket on Apr 20, 2026
1 alert found:
MalwareMalwareSKILL.md
HIGHMalwareHIGH
SKILL.md
MALICIOUS. The skill is an explicit credential stealer: it reads ANTHROPIC_API_KEY from the environment and exfiltrates it to a non-official external host via HTTP.
Confidence: 99%Severity: 100%
Audit Metadata