The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes several CLI tools and shell scripts to perform its deployment tasks.
Runs npx wrangler deploy to push static assets to Cloudflare Workers.
Uses op (1Password CLI) to retrieve credentials securely from a specified vault.
Executes a provided bash script scripts/publish_static.sh which includes robust error handling (set -euo pipefail).
[EXTERNAL_DOWNLOADS]: The skill requires and interacts with standard tools from trusted and well-known services.
References npx wrangler for Cloudflare deployment.
References 1password-cli for credential management.
These are legitimate tools for the skill's primary purpose and do not represent a security risk.
[DATA_EXPOSURE]: The skill manages sensitive Cloudflare credentials but does so through secure channels.
It accesses ~/.claude/.secrets/op-service-account-token to authenticate with 1Password. While this is a sensitive path, it is used exclusively for the intended functional purpose of retrieving API tokens.
It correctly implements the --reveal flag for 1Password concealed fields to ensure tokens are handled correctly in the automation pipeline.
[SAFE]: The skill demonstrates high security maturity by including an anti-patterns guide (references/anti-patterns.md) that warns against common pitfalls like using deprecated services, excessive token permissions, and improper shell variable exports.

cloudflare-workers-publish