xmake-build-cache

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I found a high-entropy token value present verbatim in both the server and client config examples:

"590234653af52e91b9e438ed860f1a2b"

This is a 32-character hex-like string used under tokens / token and appears to be a real authentication token (not a placeholder like YOUR_API_KEY or sk-xxxx). It therefore qualifies as a hardcoded secret in the documentation and should be treated as a leaked credential.

No other high-entropy secrets (API keys, PEM blocks, etc.) are present. Other values in the document are commands, paths, low-entropy example strings, or clearly documentation placeholders, so they are ignored.