Label Studio Setup
Audited by Socket on Feb 23, 2026
1 alert found:
Security [Skill Scanner] Generic secret pattern detected

This is an instructional skill for deploying and using Label Studio. I found no indicators of embedded malware or intentional data exfiltration. The primary issues are insecure example/default credentials (admin/admin, labelstudio/labelstudio), a placeholder SECRET_KEY, ALLOWED_HOSTS=['*'], and some configuration mistakes (nested nginx server block). These are security/operational risks if copied to production without hardening (use strong secrets, restrict hosts, secure backups, and avoid exposing services publicly). Overall the content is functionally appropriate but requires clear warnings and stronger secure-by-default recommendations before use in production.

LLM verification: This skill file is a setup/configuration guide for Label Studio and does not contain malware or explicit backdoors. However, it contains multiple insecure examples and supply-chain hygiene issues: hard-coded weak credentials, unpinned pip installs and :latest docker usage, ALLOWED_HOSTS=['*'], and guidance that can lead to exposed services and leaked credentials if copied verbatim. Treat the document as SUSPICIOUS from a security posture perspective (vulnerable to misconfiguration and supply-cha