mcp-convert

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly states that env values from Claude config are "copied directly into Codex config as plaintext" and supports exporting TOML/apply operations, which requires the agent to read and output secret values verbatim, creating an exfiltration risk.