The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill communicates with 'ai-skills.ai' via a Python runner script (scripts/run.py) to fetch real-time data. This behavior is clearly documented in the SKILL.md and is central to the skill's functionality.
[COMMAND_EXECUTION]: The skill includes a Python script (scripts/run.py) intended to be executed to interact with the API. Analysis of the script shows it only performs standard HTTP requests using the urllib library and does not execute arbitrary shell commands or access sensitive system files.
[CREDENTIALS_UNSAFE]: The skill requires an API key (AISKILLS_API_KEY) to function. It correctly instructs the user to provide this via environment variables, which is a standard security practice for managing secrets in agent environments. It does not contain hardcoded credentials.
[DATA_EXFILTRATION]: Data sent to the third-party domain 'ai-skills.ai' is limited to the skill identifier and the user-provided parameters (e.g., keywords, category tags). The SKILL.md explicitly discloses this data transfer, and the code confirms no other sensitive information (like SSH keys or environment configs) is transmitted.

douyin-realtime-hot-rise