modelscope-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt shows initializing the client with a literal token string (new ModelScopeAPI('your-modelscope-token')), which encourages embedding API tokens directly in generated code and would require the LLM to include secret values verbatim if a real token is supplied, creating exfiltration risk.