cli-anything-rms

Fail

Audited by Snyk on Apr 18, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes commands that pass API tokens and passwords directly as CLI arguments (e.g., config set api_token <token>, --password PASSWORD, smtp ... --password PASS), which would force the LLM to include secret values verbatim if it constructs those commands.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The URL points to a direct pip install from an individual GitHub repository (git+https to HKUDS/CLI-Anything#subdirectory=...), which is not an official package source and can run arbitrary code at install time — making it a moderately high-risk, unvetted source for distributing malware unless you can verify the repository owner, review the code, and confirm community trust (stars, forks, recent activity).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes an explicit "credits" command group with a "credits transfer --code CODE" action (and related credits/codes listing). That is a direct API/CLI operation to transfer credits (i.e., move value) rather than a generic management or browsing capability. Because it exposes a send/transfer operation, it constitutes direct financial execution authority.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 18, 2026, 12:02 PM
Issues: 3