secret-handling-runtime

Provides guidelines for secure handling of secrets during runtime, ensuring safety against leaks and vulnerabilities.

Install this skill

39/100

Security score

The secret-handling-runtime skill was audited on Jun 8, 2026 and we found 7 security issues across 2 threat categories, including 1 critical. Review the findings below before installing.

Categories Tested

Security Issues

critical line 157

Direct command execution function call

SourceSKILL.md

157	\| Node \| `try/finally` + `process.on('exit', cleanup)`; pass-fd via `child_process.spawn(..., { stdio: [...] })` \|

medium line 80

Template literal with variable interpolation in command context

SourceSKILL.md

```bash

medium line 125

Template literal with variable interpolation in command context

SourceSKILL.md

125

```bash

medium line 269

Template literal with variable interpolation in command context

SourceSKILL.md

269

```bash

medium line 157

Node child_process module reference

SourceSKILL.md

157	\| Node \| `try/finally` + `process.on('exit', cleanup)`; pass-fd via `child_process.spawn(..., { stdio: [...] })` \|

high line 156

Python subprocess execution

SourceSKILL.md

156	\| Python \| `try/finally` for cleanup; `subprocess.run(..., check=True)`; `secrets.compare_digest` for any constant-time compare \|

low line 116

Access to hidden dotfiles in home directory

SourceSKILL.md

116	\| ~/.cache \| disk \| NO \|

Scanned on Jun 8, 2026

View Security Dashboard

Installation guide →

GitHub Stars 144

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

openclaw backend security-engineer devops-sre backend-developer development

jmagly/aiwg