staging-token

Warn

Audited by Socket on Feb 16, 2026

1 alert found:

Security: MEDIUM
File: SKILL.md

[Skill Scanner] Credential file access detected

The documentation describes a local helper that obtains and exposes a staging JWT using a user-owned fish script. The approach is plausible for the stated purpose but contains multiple risky behaviors (copying secrets to clipboard, exporting to environment, implied cookie storage) and lacks crucial trust and integrity information (script contents, identity server endpoints). Without the actual get_token.fish contents, it is not possible to rule out malicious behavior; therefore treat this as a supply-chain risk until the script and endpoints are audited. Recommended: review the script, verify endpoints and TLS, remove clipboard/cookie persistence or make them opt-in, and minimize token scope/lifetime.

LLM verification: High-risk-but-possibly-benign helper: the skill plausibly automates retrieving a staging JWT, but implementation requires sourcing an unverified local dotfiles script and writes sensitive tokens to environment variables and the clipboard. This creates multiple exposure vectors (arbitrary code execution via sourcing, local file/secret reads, token leakage to clipboard/logs/agent outputs, and unknown network calls). Recommended actions: do NOT run without first auditing get_token.fish content; avo

Confidence: 75%
Severity: 75%

Audit Metadata
Analyzed At: Feb 16, 2026, 10:15 AM
Package URL: pkg:socket/skills-sh/kentoje%2Fdotfiles%2Fstaging-token%2F@09ee31f4d38354399d6c28a9d7b822ff309d53f1