tailscale

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes explicit examples that embed an auth key on the command line (sudo tailscale up --auth-key=tskey-auth-...), which encourages placing secret values verbatim into commands (a high-risk pattern for exfiltration).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup scripts and quick-start instructions execute remote code at runtime using "curl -fsSL https://tailscale.com/install.sh | sh", which fetches and runs a remote installer (https://tailscale.com/install.sh) as a required step—presenting a high-confidence code-execution risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains numerous explicit sudo commands and instructions to modify system configuration files (e.g., /etc/sysctl.d, iptables, enable Tailscale SSH, advertise routes/exit nodes, and expose services) which directly change the machine's state and require elevated privileges.