Context-Inappropriate Capability
Medium
- Confidence
- 87% confidence
- Finding
- The skill implements a custom Bitwarden/Vaultwarden account-registration and cryptographic enrollment workflow instead of delegating to the official client. Re-implementing security-sensitive registration logic increases the risk of protocol mistakes, incompatibilities, and inadvertent exposure of password-derived material to arbitrary user-configured servers, making this materially more dangerous in a password-manager integration context.
