Check reference / Safety & Security
SAFETY-01 No hardcoded secrets
Deterministic — runs on every scan, no LLM or network needed.
Why it matters
A credential shipped inside a skill is public the moment the repo is — scrapers find leaked key patterns on GitHub within minutes, and everyone who installs the skill gets a copy. Once published, deleting the line does not un-leak it.
How to fix it
Remove the literal from every file, rotate the credential (treat it as burned), and read it from an environment variable at runtime instead. The scan covers SKILL.md and every supporting text file: private key blocks, cloud/API tokens, JWTs, connection strings with passwords, and generic `key = "value"` assignments.
Example
✗ flagged
token = "abc123fakevalue"✓ passes
token = os.environ["SERVICE_TOKEN"]