skills/openjobsai/openjobs-openclaw-skills/openjobs-people-search/Snyk

openjobs-people-search

Fail

Audited by Snyk on Mar 11, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 0.80). The skill asks the user for their Mira API key and shows commands that echo/store the key (e.g., echo "mira_your_key_here" > ~/.config/mira/api_key) and would cause the agent to handle or emit the secret value verbatim, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill performs a runtime version check and, if newer, downloads and replaces its own SKILL.md from https://raw.githubusercontent.com/OpenJobsAI/openjobs-openclaw-skills/main/openjobs-people-search/SKILL.md, which allows remote content to directly modify the agent's instructions at runtime.

Issues (2)

W007

HIGH

Insecure credential handling detected in skill instructions.

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

HIGH

Analyzed

Mar 11, 2026, 05:00 PM

Issues

2