commandbox-embedded-server
Fail
Audited by Snyk on Apr 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains plaintext credentials and examples that set passwords inline (e.g., basicAuth user entries and CLI commands like server set web.basicAuth.users.admin=secretpass), which would require the agent to emit secret values verbatim in generated configs/commands.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs actions that modify system state—installing the server as an OS service, binding to privileged ports (80/443), and writing to system paths (e.g. /var/www, service managers like launchd/NSSM)—which require elevated privileges and can change system/service configuration.
Issues (2)
- HIGH W007: Insecure credential handling detected in skill instructions.
- MEDIUM W013: Attempt to modify system services in skill instructions.