setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the agent to accept user API tokens and then embed or run them verbatim in CLI commands and echo them into .env (e.g., onecli secrets create --value YOUR_KEY, echo 'ANTHROPIC_API_KEY=<their-key>' >> .env), so the LLM would need to handle and output secret values directly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes remote installer scripts at runtime that are piped to a shell—e.g. https://deb.nodesource.com/setup_22.x, https://get.docker.com, and curl -fsSL onecli.sh/install (and onecli.sh/cli/install) — which execute remote code to provision required dependencies (Node/Docker/OneCLI), so they present a high-risk runtime external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to run sudo commands and modify system-wide state (systemd/unit files, /etc paths, docker group membership and ACLs, start/stop services), which requires elevated privileges and can compromise the machine.