The Agent Skills Directory

[SAFE]: No malicious patterns or security vulnerabilities were detected. The skill performs its intended functions using standard practices.\n- [COMMAND_EXECUTION]: The script scripts/upload.js uses child_process.execSync to run osascript on macOS for clipboard access. This is implemented using a static command string and a hardcoded temporary file path, which prevents command injection risks.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of well-known and trusted Node.js packages (imagekit, clipboardy, dotenv) from the official npm registry.\n- [CREDENTIALS_UNSAFE]: The skill correctly instructs users to manage sensitive API keys through a local .env file. This is a standard and acceptable configuration practice for local agent tools and avoids hardcoding secrets in the code itself.

imagekit-upload