shadcn-guide

[Skill Scanner] Credential file access detected All findings: [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] Benign: The fragment is documentation for a UI framework integration flow. It presents expected CLI usage and configuration patterns without embedding executable code, hardcoded secrets, or suspicious data flows. It does not perform downloads/executions itself and relies on standard, well-known tooling. Security risk remains typical for documentation that references external services, but there is no active payload or credential harvesting detected in the fragment. LLM verification: This SKILL.md is a legitimate documentation guide for shadcn/ui. It contains supply-chain risk patterns: unpinned npx commands (download-and-execute), encouragement to install from third-party community registries, and an 'Open in v0' flow that accepts tokens in query strings (risk of credential leakage). The static scanner hits on '.config' appear to be documentation references to configuration files, not code that reads credential files. I find no direct evidence of malware or credential exfil