myco:live-smoke-testing
Facilitates live smoke testing against UniFi hardware, ensuring API contract validation and tool classification for robust CI processes.
Install this skill
or
67/100
Security score
The myco:live-smoke-testing skill was audited on Jun 12, 2026 and we found 9 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 55
Curl to non-GitHub URL
SourceSKILL.md
| 55 | curl -k https://$UNIFI_HOST |
medium line 6
Access to .env file
SourceSKILL.md
| 6 | testing against real UniFi hardware: .env credential setup, tool classification tiers, |
medium line 31
Access to .env file
SourceSKILL.md
| 31 | 1. **`.env` file at project root** (gitignored) with real credentials: |
medium line 61
Access to .env file
SourceSKILL.md
| 61 | 5. **Git worktree `.env` placement** — `scripts/live_smoke.py` derives its repo root from |
medium line 62
Access to .env file
SourceSKILL.md
| 62 | its own file location (`Path(__file__).resolve().parents[1]`) and loads `.env` from that |
low line 67
Access to .env file
SourceSKILL.md
| 67 | ln -s /path/to/main-checkout/.env /path/to/worktree/.env |
low line 157
Access to .env file
SourceSKILL.md
| 157 | # Run all servers at once (requires full .env with Access and Protect creds) |
medium line 377
Access to .env file
SourceSKILL.md
| 377 | - **`.env` is gitignored — never commit credentials.** If you see `UNIFI_HOST` or |
low line 55
External URL reference
SourceSKILL.md
| 55 | curl -k https://$UNIFI_HOST |
Scanned on Jun 12, 2026
View Security Dashboard