homeassistant-mcp-server

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed HASS_TOKEN values directly in JSON, shell exports, and config files (including a truncated token string), which encourages asking for and verbatim inserting secrets into generated configs/commands and thus creates an exfiltration risk.