Description-Behavior Mismatch
Medium
- Confidence
- 93% confidence
- Finding
- The skill advertises credential-usage monitoring, but this code does not analyze usage patterns at all; it reads a sensitive .env file and only checks whether certain provider names appear. That creates unnecessary access to secret-bearing material and can mislead operators into believing credential misuse is being monitored when it is not.
