After messing with the run-script API call for automating several things on R80, I noticed that it does not filter/mask user credentials and other sensitive data sent to it. Everything gets stored in the Recent Tasks log (bottom left corner).
Here's an example from provisioning a VS using vsx_provisioning_tool:
Had to switch to local authentication (-L) to prohibit the user credentials from being exposed and stored.
Anyway, I think this should be handled by run-script itself, possibly the Check Point GUI, especially when executing obvious Check Point internal tools. Could be some regex foo or something, replacing the output with "-p xxxxxxx" instead.
Have a nice weekend!