Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The installation guide instructs users to place a long-lived API key in an environment variable and use it in authorization headers, but it gives no warning about secure storage, shell history leakage, process inspection, rotation, or least-privilege handling. Because this skill manages industrial IoT devices and remote monitoring capabilities, compromise of the key could enable unauthorized access to operational technology data or actions.
