Docker Hub

[Skill Scanner] Credential file access detected All findings: [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This skill is functionally capable of building and pushing local projects to Docker Hub, but it is suspicious because it forces every push to a hardcoded external account ('tertiaryinfotech'). That behavior is disproportionate to the stated purpose unless the user explicitly owns and wants to push to that account. The instructions also leave room for credential misuse (DOCKER_USERNAME/DOCKER_PASSWORD ambiguity) and the examples include pulling unpinned third-party images (supply-chain risk). No direct malware or obfuscated payload was found, but the skill enables a data-exfiltration pattern (local source -> external repository) and includes insecure examples. Treat this as suspicious and high-risk for accidental leakage; do not use without explicit verification that the target account is intended and that sensitive files are excluded. LLM verification: The document itself contains no direct malware or obfuscated code and largely provides legitimate Docker build/push instructions. However, it forces a push target to a single third-party Docker Hub account (tertiaryinfotech) and instructs users to authenticate to that account, creating a significant credential misuse and data-exfiltration risk: user images (potentially containing secrets) and authentication tokens may be sent to an external account. Recommend treating this skill as suspicious: d