Missing User Warnings
Low
- Confidence
- 91% confidence
- Finding
- The skill tells users to set `DASHSCOPE_API_KEY` or store `dashscope_api_key` in a credentials file, but it does not warn about protecting secrets, avoiding logs, or restricting file permissions. This increases the risk of accidental credential exposure through shell history, screenshots, shared environments, repository commits, or overly permissive credential files.
