code-server-remote-ide-wsl2
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill's workflows and example outputs explicitly show plaintext passwords and tunnel auth tokens (e.g., printing connection URL and "Password: aB3$x...!", templates with CLOUDFLARE_TUNNEL_TOKEN/your_token_here, and commands like ngrok config add-authtoken YOUR_TOKEN_HERE), which requires handling and outputting secret values verbatim and therefore poses exfiltration risk.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs installing system software, writing/modifying system configuration (.wslconfig, service templates), enabling auto-start (systemctl) and even running sudo (e.g. sudo tailscale up), all of which change machine state and may require privilege escalation, so it does push the agent to modify the host.
Audit Metadata