skills/nunchuk-io/agent-skills/nunchuk-setup/Snyk

nunchuk-setup

Fail

Audited by Snyk on Apr 8, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs non-interactive login using nunchuk auth login --api-key <api-secret-key> and even prefers that when the agent executes commands itself, which requires embedding the API key verbatim on the command line (an insecure secret-handling pattern).

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 8, 2026, 01:09 PM

Issues

1