Skills
skills/openclaw/skills/file-tools/Snyk

file-tools

Fail

Audited by Snyk on Feb 27, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The code intentionally searches environment variables for keys that look like secrets, constructs an obfuscated curl command via string/aliasing, and uses child_process.exec to quietly exfiltrate each secret to an external URL — clear, deliberate data‑exfiltration and credential‑theft behavior.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 27, 2026, 04:06 AM