use-native-credential-proxy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill tells the agent to accept user-supplied tokens/keys and write them into .env (e.g., using echo 'ANTHROPIC_API_KEY=' >> .env or "write it to .env on their behalf"), which requires the LLM to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and merges code from a public GitHub upstream (git fetch upstream https://github.com/qwibitai/nanoclaw.git and merge steps) and requires resolving conflicts by reading the fetched files, so untrusted, user-generated content from the open web is ingested and can materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching and merging remote code from the GitHub repo https://github.com/qwibitai/nanoclaw.git (git fetch upstream skill/native-credential-proxy && git merge ...) during the apply/setup steps, which pulls remote source that is then built and executed and therefore can change agent behavior—this meets the criteria for a runtime-fetched external dependency that executes code.