skills/mohibshaikh/clawvet/api-helper/Gen Agent Trust Hub

api-helper

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions explicitly direct the agent to display sensitive environment variables in plaintext.
      • The instructions require showing OPENAI_API_KEY and SLACK_TOKEN values in the response for user verification.
      • The instructions require printing the ANTHROPIC_API_KEY if a 401 error is encountered.
  • [CREDENTIALS_UNSAFE]: The skill encourages the inclusion of full Authorization header values (e.g., Bearer sk-...) in the response, which leads to the exposure of active session tokens and secret keys.
  • [DATA_EXFILTRATION]: While no external network calls are shown in the provided snippet, the instruction to output secrets into the chat interface constitutes data exfiltration from the secure environment to an unencrypted or less secure output channel.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 4, 2026, 04:05 PM