verl-deploy
Fail
Audited by Snyk on Apr 24, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the agent to collect and then embed the SwanLab API key into commands/scripts (exporting env vars, echoing the key into swanlab login, and passing --swanlab-api-key on the CLI), which requires outputting the secret verbatim and is therefore insecure.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill contains runtime docker pull and examples that fetch and run remote container images (e.g., quay.io/ascend/verl:verl-8.3.rc1-910b-ubuntu22.04-py3.11-v0.7.0 and quay.io/ascend/verl:latest or hub.openlab-sh.sd.huawei.com/ascend/verl:v1.0) — these URLs are used at runtime to download images whose contents will execute as code inside the container, meeting the criteria for remote-executed code dependency.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).