rei

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs passing API keys as command-line arguments and embedding them into config files (and tells the agent to be given "Set up Rei with API key: YOUR_KEY"), which requires the LLM to receive and output secret values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs the agent to run setup scripts that modify configuration files (e.g., ~/.clawdbot/clawdbot.json), add providers/allowlists, and restart the gateway — actions that change the machine's state — though it does not request sudo, create users, or bypass security mechanisms.