nokey-vehicle-info
Pass
Audited by VirusTotal on Mar 24, 2026.
Findings (1)
The skill manages vehicle information by executing shell commands (curl, jq, awk) to interact with third-party APIs (ingeek.com, nokeeu.com). It requests sensitive authentication tokens from the user and stores them in plaintext in a local cache file (~/.nokey_vehicle_info_cache.json), which is a significant security vulnerability. Additionally, the instructions in SKILL.md for processing user-provided tokens via shell scripts are potentially vulnerable to shell injection if the AI agent does not sanitize the input before execution. While these capabilities are plausibly needed for the stated purpose, the combination of risky shell execution and insecure credential handling warrants a suspicious classification.
