Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill advertises a local Web UI with auto-login that shares credentials/session state with the CLI, but the warning is minimal and does not clearly explain the security implications. Even for localhost-only services, shared authentication can expose sensitive trading credentials or active sessions to other local users, malware, browser compromise, or unintended network exposure if the server binds incorrectly.
