node-version-compatibility-tester

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to provide API tokens/credentials and instructs the agent to "use the credential to construct parameters and execute tests," which requires embedding secret values verbatim into commands/requests and thus creates an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to execute arbitrary scripts from user-specified skill paths, switch Node versions via RunCommand, create temp files and use user-provided credentials to perform "real" tests, which can modify the host system or exfiltrate secrets even though it does not explicitly request sudo or ask to create system accounts.