ov-server-operate
Fail
Audited by Snyk on Apr 29, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt provides configuration templates with "api_key"/"root_api_key" placeholders and explicitly tells the agent to ask users to obtain and set those keys (i.e., replace placeholders), which encourages collecting and embedding secrets verbatim into config files or generated outputs, creating an exfiltration risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The presence of a direct install script (https://astral.sh/uv/install.sh) recommended to be run via curl|sh — which is high-risk if the source is untrusted — combined with an unusual API base domain (ark.cn-beijing.volces.com) that looks like a potential typo-squat of Volcengine, makes this set potentially suspicious even though the localhost health/readiness endpoints are benign.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's runtime setup includes executing a remote installer via "curl -LsSf https://astral.sh/uv/install.sh | sh", which fetches and runs remote code and is required for the environment (uv) used later.
Issues (3)
W007 HIGH: Insecure credential handling detected in skill instructions.
E005 CRITICAL: Suspicious download URL detected in skill instructions.
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata