The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches its current documentation from the vendor's official domain (https://here.now/docs) and interacts with the API endpoints on the same domain. These operations are part of the intended functionality and target trusted vendor infrastructure.
[COMMAND_EXECUTION]: The publish script uses standard system utilities such as curl for network requests, jq for JSON processing, and file for MIME type detection. All shell operations are focused on the core task of preparing and uploading files.
[CREDENTIALS_UNSAFE]: The skill manages service-specific API keys by storing them in ~/.herenow/credentials. It explicitly uses chmod 600 to ensure the credentials file is not readable by other users, which is a recommended security practice for managing secrets.
[DATA_EXFILTRATION]: The skill reads and uploads user-specified files to the here.now platform. This is the primary, documented purpose of the skill. The script includes a safety check to prevent sending the API key to non-standard domains unless explicitly authorized by the user.

here-now