Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
...(includePrivateKey && signer?.privateKey ? { privateKey: [REDACTED] } : {}),
Agentbox Skills
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No risk analysis has been recorded yet.
Static analysis
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
private_key: [REDACTED],
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
privateKey: [REDACTED],
Potential exfiltration
Warn
- Finding
- Sensitive-looking file read is paired with a network send.
- Skill content
rawTranscript = await fs.readFile(entry.sessionFile, "utf8");
VirusTotal
43/43 vendors flagged this plugin as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.