Checker Reference
What every CHK-### means
When uvx tanav scan surfaces a checker ID, this reference explains what it found, gives a real disclosed example, and shows exactly how to fix it.

CHK-115
Credential access pattern in skill content
MCP-T06: Sensitive Data Exposure
MEDIUM – CRITICAL

CHK-027
Data exfiltration instruction in skill
MCP-T08: Data Exfiltration
CRITICAL

CHK-119
Kiro steering file injection
MCP-T03: Tool Poisoning
HIGH – CRITICAL

CHK-089
--dangerously-skip-permissions in MCP server config
MCP-T07: Privilege Escalation
CRITICAL

CHK-144
Unpinned npx/bunx/pnpx version in .mcp.json
MCP-T09: Supply Chain Compromise
MEDIUM – HIGH

CHK-CVE
Manually-verified CVE in a dependency
MCP-T09: Supply Chain Compromise
CRITICAL

CHK-154
Invocable ARD catalog entry published with no trustManifest
MCP-T09: Supply Chain Compromise
MEDIUM – HIGH

120+ checkers run on every scan — this reference covers the differentiator checkers first. More are added as they accumulate confirmed real-world examples.