virtualbox

Fail

Audited by Snyk on Feb 26, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill includes explicit examples that pass plaintext usernames and passwords on the command line (e.g., --username user --password pass), which requires the LLM to place secret values verbatim into generated commands and is therefore insecure.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs the agent to run powerful VBoxManage commands that create/modify/delete VMs, change host networking (host-only interfaces, NAT port forwarding), manage host disk files and shared folders, and otherwise alter host resources—operations that modify the host system state and can require elevated privileges.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 26, 2026, 04:15 PM