r2

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs embedding access_key_id/secret_access_key directly in JSON command-line arguments and provides a --raw show-creds option, which requires the LLM/agent to handle and potentially emit secret values verbatim (high exfiltration risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The setup script installs rclone at runtime by executing remote code via "curl -fsSL https://rclone.org/install.sh | sudo bash", which fetches and runs external code that the skill depends on (rclone) so this URL is a high-confidence runtime code-execution dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill includes a privileged installation command (curl ... | sudo bash) and executable setup scripts that instruct running commands on the host, so it encourages modifying the machine's state (though it doesn't request creating users or altering system/SSH/service configs).