The Agent Skills Directory

[CREDENTIALS_UNSAFE]: Hardcoded credentials admin:Harbor12345 are found in SKILL.md (multiple curl examples) and scripts/agent.py (line 144). The inclusion of default administrative passwords in documentation and script defaults can lead to insecure deployments.
[COMMAND_EXECUTION]: Multiple components of the skill deliberately bypass SSL certificate verification. In SKILL.md, several curl commands use the -k (insecure) flag. In scripts/process.py, the SSL context is configured with ctx.verify_mode = ssl.CERT_NONE and ctx.check_hostname = False. These practices leave the agent and the registry management operations vulnerable to Man-in-the-Middle (MitM) attacks.
[EXTERNAL_DOWNLOADS]: The skill facilitates the installation of Harbor from the official Helm repository at https://helm.getharbor.io. This is a well-known service for Harbor deployment and is documented here as a necessary external dependency.

securing-container-registry-with-harbor