Found via SkillFence scan (npmjs.com/package/skillfence).
Findings:
- login.sh references PRIVATE_KEY (crypto key pattern)
- config.toml contains openai_api_key with hardcoded addresses
Recommendation: Move credentials to env vars or secret manager. Add config.toml to .gitignore. Consider pre-commit hook: npx skillfence install-hook
Scan: npx skillfence scan . (Verdict: BLOCK, 19 findings, 2 critical)