here-now

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's flows and examples require the agent to insert API keys and one‑time codes verbatim into commands/HTTP requests (e.g., Authorization: Bearer {API_KEY}, the verify-code curl payload, and the echo "{API_KEY}" > ~/.herenow/credentials) and instruct the agent to save/use keys directly, so the LLM would need to output secret values.