sqlserver-expert

Warn

Audited by Socket on Feb 15, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Credential file access detected

This skill/documentation is benign and aligned with its stated purpose (SQL Server expert guidance and Node.js mssql examples). There are no signs of credential exfiltration, obfuscated malicious code, or third-party proxying of credentials. The main security note: config.options.trustServerCertificate is set to true — this weakens TLS verification and should not be used in untrusted networks or production. Also avoid SELECT * in production and ensure proper pooling concurrency handling as appropriate.

LLM verification: The sqlserver-expert fragment is coherent with its stated purpose, demonstrating proper parameterized query usage, environment-based credential handling, and common T-SQL examples. The credential-file-access finding is likely a false positive. Minor production considerations include tightening trustServerCertificate and encryption settings for deployment. Overall, the footprint is benign and appropriate for its described use-case.

Confidence: 80%
Severity: 75%
Audit Metadata

Analyzed At: Feb 15, 2026, 09:40 PM
Package URL: pkg:socket/skills-sh/fabriciofs%2Fmcp-sql-server%2Fsqlserver-expert%2F@35fa94df03f78ab9d5a304b6ff15ccb805986881