monitoring-flower

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill includes multiple examples and usage patterns that embed plaintext credentials directly in commands, URLs, and config options (e.g., FLOWER_BASIC_AUTH="user:password", http://user:password@host, --basic_auth=user:password), which would require an LLM to include secret values verbatim in generated outputs and thus poses high exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs using sudo to copy and edit a systemd service into /etc/systemd/system and to run systemctl enable/start (and other system-level deployment steps like configuring Nginx/SSL), which modify system files and require elevated privileges.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:59 PM