defirisk.co
rubric v1.7.0

Leaked credential on paste/sentry site

Spiko's assessment for RD-F-164 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No public paste-site or credential-dump reference to Spiko infra keys found in web search. github.security_md_present: false means SECURITY.md is absent; no flagged secrets in public GitHub repo (spiko-tech/contracts is public). Systematic credential-dump monitoring requires proprietary feed (HaveIBeenPwned business API, Flare.io, CyberSixGill) not accessible via public WebFetch. Scored gray: external API blocked, not N/A.

Sources #

  • GitHub
    Spiko contracts repo — public inspectionspiko-tech/contracts public repo — no flagged secrets in available public inspection; no SECURITY.mdretrieved 2026-05-16
  • Internal
    Spiko data cache — security.md absent00-data-cache.json github.security_md_present: false. No SECURITY.md published in spiko-tech/contracts.retrieved 2026-05-16

Methodology #

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol spiko factor RD-F-164 score gray collected_at 2026-05-15 22:52:13