hence-share

The skill's stated purpose (publishing a project to Hence with metadata and screenshots) is broadly coherent with the described Python-based workflow. The credential flows (device flow + optional API key) align with typical modern auth patterns, but the documentation lacks explicit security details (token handling, storage, scope, and rotation). Data flows (metadata and screenshots to Hence) are appropriate for the task but depend on secure transport and server trust. No obvious malicious behavior is evident, but there are moderate security concerns around credential handling and non-interactive use. Overall, the footprint is BENIGN with notable risk factors that should be mitigated by adding explicit security controls and clearer guidance on credential management.