tailscale

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt repeatedly shows and encourages embedding auth/API keys verbatim (e.g., --authkey=tskey-auth-..., API_KEY = "tskey-api-...", Authorization: Bearer $API_KEY, TS_AUTHKEY in Docker, curl with header), which requires the agent to handle and output secrets directly and is high-risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains numerous sudo-privileged operations (installing packages, modifying apt sources and /etc/sysctl.conf, enabling systemd services, enabling Tailscale SSH/exit-node/subnet routing, and fleet provisioning via sudo), which directly modify system state and require elevated privileges, so it must be flagged.