exe

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user for API keys and secrets (OpenRouter key, Clerk PEM, webhook secret) and shows examples that embed those secrets verbatim in CLI flags and commands (e.g., --ai-key "sk-...", --clerk-key "cat ...", --clerk-webhook-secret "whsec_xxx"), which requires the LLM to handle and output secret values directly.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). These are subdomains of an unverified hosting domain (exe.xyz) and a placeholder JWKS endpoint — they are not direct .exe downloads but represent untrusted VM hosts that can serve or run arbitrary binaries/scripts (and the Clerk JWKS URL can be attacker-controlled if you substitute a malicious domain), so they could be used to distribute malware unless the service and content are independently verified.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to create/modify system files and services (nginx configs, systemd units), install system-wide runtimes, and run sudo commands on the target VM (e.g. sudo apt, sudo cp, sudo systemctl), which directly changes the machine's state and requires privileged operations—so it should be flagged.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 28, 2026, 02:38 PM