claude-team

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I scanned for high-entropy, literal credentials. The documentation contains one high-entropy string in the Environment Setup section:
• export TELEGRAM_BOT_TOKEN="123456789:ABCdefGHIjklMNOpqrsTUVwxyz"

This matches the Telegram bot token pattern (numeric ID + long secret) and is a real-looking secret value, so it should be flagged.

I am ignoring the following as non-secrets per the rules:

• TELEGRAM_CHAT_ID values (e.g., "-1001234567890") — a chat ID, not a secret.
• The crontab example TELEGRAM_BOT_TOKEN="your-bot-token" — a documentation placeholder.
• Short hex session_ids (e.g., "3962c5c4", "a1b2c3d4") — low-entropy internal IDs, not credentials.
• Other examples, ports, URLs, and environment variable names — not secrets.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to run setup scripts that install a persistent launchd service, modify crontab and user config files, create persistent files under the home directory, and even encourages a "skip_permissions" mode that bypasses permission checks — all of which modify the machine's state and bypass security safeguards.