volcengine-doubao-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's example code and SDK usage show API keys/secret_keys and an Authorization header being placed directly into request headers and client initializers (e.g., 'Authorization': 'Bearer your-api-key', api_key='your-api-key', secret_key='your-secret-key'), which requires the LLM to insert secret values verbatim rather than using environment variables or a secure auth flow.