claude-hook-writer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes prompt-based security hooks that ask the LLM to analyze file contents for hardcoded API keys/credentials and logging hooks that echo full commands/JSON, which can cause the model to receive and return secret values verbatim (e.g., in the "reason" field or logs) without any redaction—so it requires handling/output of secrets.