cloudcc-openapi-withobject

The skill bundle contains a populated 'config.json' file with hardcoded, sensitive CloudCC credentials, including an 'orgId', 'username', 'safetyMark', 'clientId', 'secretKey', and a valid-looking 'accessToken'. This represents a significant security vulnerability and credential leak, likely due to the accidental inclusion of a developer's test configuration. While the functional scripts (e.g., 'scripts/call-api.sh', 'scripts/get-token.sh') and documentation in 'SKILL.md' appear aligned with the stated purpose of providing a CloudCC CRM interface, the combination of exposed secrets and broad requested capabilities ('exec', 'file_write', 'network') poses a high risk to the environment.