Scan Report
5 /100
keevx-image-to-video
Use the Keevx API to convert images to videos
This is a legitimate API integration skill for Keevx image-to-video conversion with no malicious behavior detected.
Safe to install
This skill is safe to use. Consider removing the hardcoded placeholder example from line 15 to avoid confusion, though it poses no security risk.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Placeholder credential in documentation Doc Mismatch | SKILL.md:15 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | API calls to api.keevx.com are declared and appropriate |
| Filesystem | NONE | NONE | — | No file operations detected |
| Shell | NONE | NONE | — | Only curl examples for API calls, no arbitrary execution |
| Environment | READ | READ | ✓ Aligned | Reads KEEVX_API_KEY from environment as declared |
1 High 7 findings
High API Key 疑似硬编码凭证
API_KEY="your_api_key_here" SKILL.md:15 Medium External URL 外部 URL
https://www.keevx.com/main/home. SKILL.md:12 Medium External URL 外部 URL
https://docs.keevx.com SKILL.md:12 Medium External URL 外部 URL
https://api.keevx.com/v1 SKILL.md:20 Medium External URL 外部 URL
https://api.keevx.com/v1/figure-resource/upload/file SKILL.md:88 Medium External URL 外部 URL
https://api.keevx.com/v1/image_to_video SKILL.md:116 Medium External URL 外部 URL
https://api.keevx.com/v1/image_to_video/i2v-xxxxxxxx SKILL.md:156 File Tree
1 files · 7.9 KB · 276 lines Markdown 1f · 276L
└─
SKILL.md
Markdown
Security Positives
✓ No arbitrary code execution or shell commands
✓ No credential harvesting beyond using user's own API key
✓ No data exfiltration to third-party servers
✓ No obfuscation or encoded payloads
✓ All network activity is limited to the legitimate Keevx API
✓ Skill purpose and implementation are clearly documented
✓ No sensitive path access (ssh, aws, .env files)
✓ No supply chain risks - no dependencies to install