moca-proof

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires using a Bearer accessToken and shows command examples with --access-token and instructs embedding the token in API calls, which forces the agent to include secret tokens verbatim in generated commands/requests (high exfiltration risk).