skill-inspect

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill reads local config files (e.g., ~/.claude.json, .mcp.json, installed_plugins.json, SKILL.md frontmatter) and explicitly displays connection/command/url and frontmatter fields verbatim (including "connection info"), which can contain API keys, bearer tokens, or other secrets and thus would cause the LLM to output secrets directly.