The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill provides hardcoded default credentials ("admin:admin") in the configuration examples. While these are common defaults for the hardware, including literal credentials in instructions can lead to security risks if users do not rotate them.
[COMMAND_EXECUTION]: Every documented API interaction uses curl with the -k (or --insecure) flag. This explicitly instructs the agent to bypass SSL/TLS certificate validation, making all remote management traffic vulnerable to man-in-the-middle (MitM) attacks.
[COMMAND_EXECUTION]: The skill relies on external command-line tools like jq and a platform-specific diagnostic tool zero doctor to process data and verify connectivity.
[DATA_EXFILTRATION]: The skill includes functionality to capture screenshots of the remote machine and save them to the local file system at /tmp/screenshot.jpg. This represents a potential data exposure risk as it handles sensitive visual information from the remote host.

pikvm