nocobase-mcp-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes explicit command examples that embed API keys or ask the user to set/insert <your_api_key> (e.g., --header "Authorization: Bearer <your_api_key>" and export NOCOBASE_API_TOKEN=...), which can lead the agent to request and echo secrets verbatim rather than keeping them only in environment variables.