clash-doctor

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to execute commands and return their output, including environment variables and git/curl invocations (for example `env | grep` to inspect proxy variables, `git config`, and Clash API responses). That output may contain plaintext proxy credentials or usernames, passwords or tokens embedded in URLs, and the LLM presents it verbatim, so there is a risk of secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill performs network queries to public third-party endpoints (nslookup against 8.8.8.8/1.1.1.1 and curl connectivity tests to the user-specified TARGET, defaulting to github.com) and ingests and interprets the resulting DNS/HTTP responses as part of its diagnostic workflow; those responses are untrusted third-party input.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:25 AM