Check reference / Safety & Security

SAFETY-01 No hardcoded secrets

Safety & Security · 15% of the grade · deterministic · applies to skills · subagents · slash commands · MCP configs · plugins

Deterministic — runs on every scan, no LLM or network needed.

Why it matters

A credential shipped inside a skill is public the moment the repo is — scrapers find leaked key patterns on GitHub within minutes, and everyone who installs the skill gets a copy. Once published, deleting the line does not un-leak it.

How to fix it

Remove the literal from every file, rotate the credential (treat it as burned), and read it from an environment variable at runtime instead. The scan covers SKILL.md and every supporting text file: private key blocks, cloud/API tokens, JWTs, connection strings with passwords, and generic `key = "value"` assignments.

Example

✗ flagged
token = "abc123fakevalue"
✓ passes
token = os.environ["SERVICE_TOKEN"]