Cloud Misconfig Scanner

The skill bundle facilitates a 'Cloud Misconfiguration Scanner' that requires the agent to collect and transmit raw cloud provider credentials (e.g., AWS Access Key ID and Secret Access Key) to a third-party API endpoint (api.mkkpro.com). While this behavior is explicitly documented in SKILL.md and openapi.json as necessary for the tool's stated purpose, the practice of sending long-lived, highly sensitive secrets to an external service represents a significant security risk. There is no evidence of obfuscation or hidden malicious intent, but the inherent risk of credential handling justifies a suspicious classification.