hap-mcp-usage

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read user-provided URLs containing HAP-Appkey and HAP-Sign and to embed those full credentials verbatim into commands and configuration files (and into validation calls), which requires the LLM to handle and output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill instructs automatic environment/process scanning, silent modification of user configuration files, automatic use of supplied credentials (HAP-Appkey/HAP-Sign) and execution of commands (including npx), which enables credential exposure, unauthorized system modifications, and supply-chain risks without explicit user consent — therefore it is high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill automatically adds and then calls user-provided MCP endpoints (e.g., URLs like "https://api.mingdao.com/mcp?HAP-Appkey=...&HAP-Sign=...") and explicitly invokes API methods such as get_app_info/get_app_worksheets_list to read application data, so it ingests and interprets third-party (potentially user-generated/untrusted) content at runtime.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 09:57 AM