use-native-credential-proxy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to accept a user's token/key if provided in chat and write it verbatim into .env (e.g., echo 'ANTHROPIC_API_KEY='), which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Phase 2 workflow explicitly instructs adding an upstream remote and running "git fetch upstream skill/native-credential-proxy" from the public GitHub repo https://github.com/qwibitai/nanoclaw.git and merging those changes into the local codebase, which pulls untrusted third-party code that will be read, built, and can change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs the operator to fetch and merge code from the remote git URL https://github.com/qwibitai/nanoclaw.git (git fetch/merge of the skill branch), which pulls remote source that will be built and executed as part of the application, so this external URL is a runtime installation dependency that can execute remote code.