public-data

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user to input API keys and save them verbatim into ${CLAUDE_PLUGIN_DATA}/moai-credentials.env, which requires the LLM to collect and handle plaintext secrets (high exfiltration risk).