credentials
Facilitates secure API key management by loading credentials from a centralized access file for project environments.
Install this skill
Security score
The credentials skill was audited on Feb 12, 2026 and we found 18 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 81 | | Stripe Webhook | `whsec_*` | `STRIPE_WEBHOOK_SECRET` | |
Webhook reference - potential data exfiltration
| 113 | 'STRIPE_WEBHOOK_SECRET': r'whsec_[A-Za-z0-9]+', |
Webhook reference - potential data exfiltration
| 159 | STRIPE_WEBHOOK_SECRET: /whsec_[A-Za-z0-9]+/, |
Access to hidden dotfiles in home directory
| 29 | ~/.secrets/keys.txt |
Access to hidden dotfiles in home directory
| 30 | ~/.credentials.txt |
Access to .env file
| 263 | ### Step 4: Create .env File |
Access to .env file
| 265 | # Write to project .env |
Access to .env file
| 266 | cat > .env << EOF |
Access to .env file
| 274 | echo ".env" >> .gitignore |
Access to .env file
| 317 | - **ALWAYS** add `.env` to `.gitignore` |
Access to .env file
| 351 | 3. Set up your project's .env file |
External URL reference
| 118 | supabase_url = re.search(r'https://[a-z0-9]+\.supabase\.co', content) |
External URL reference
| 188 | https://api.openai.com/v1/models |
External URL reference
| 197 | https://api.anthropic.com/v1/models |
External URL reference
| 205 | https://api.render.com/v1/services |
External URL reference
| 216 | https://www.reddit.com/api/v1/access_token | jq -r '.access_token') |
External URL reference
| 224 | https://api.replicate.com/v1/models |
External URL reference
| 303 | https://supabase.com/dashboard/project/[your-ref]/settings/api |