cesto-creator-toolkit

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The toolkit uses the subprocess.Popen function in scripts/start_login.py to initiate the platform's authentication flow by opening the user's default web browser. This is an appropriate use of command execution for CLI-based login.
  • [EXTERNAL_DOWNLOADS]: The skill fetches asset pricing data from Jupiter's official price API and downloads image files from user-specified URLs for product cover images. Both are ordinary product features; the fetched data serves only its stated purpose, and the image download target is supplied by the user rather than hard-coded.
  • [CREDENTIALS_UNSAFE]: Session tokens are stored in the user's home directory (~/.cesto/session.dat). The implementation XOR-encodes the file contents with a value derived from a machine-specific identifier and enforces restrictive file permissions (0600), so the file is readable only by the current user (and root). The permission bits are the effective control: XOR keyed on a machine identifier is obfuscation rather than encryption, so any process that can read the file as that user on the same machine can derive the key and recover the token, and a modified file decodes to garbage rather than failing, since XOR provides no integrity.
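As an added illustration (not code from the toolkit, whose key derivation the audit does not describe), the following Python sketches the storage scheme the CREDENTIALS_UNSAFE finding describes and shows which layer actually protects the token. The machine identifier, the SHA-256 counter-mode key expansion, the token value and the temporary path are constructed assumptions for this example only.

```python
import hashlib
import os
import stat
import tempfile

# Constructed stand-ins. The audit does not say which machine identifier the
# toolkit uses or how it turns it into an XOR key; the SHA-256 counter-mode
# expansion below is an assumption for illustration only.
MACHINE_ID = b"constructed-machine-id-0001"
TOKEN = b"sess_constructed_example_token"


def derive_mask(machine_id: bytes, length: int) -> bytes:
    """Expand a machine identifier into `length` keystream bytes (assumed KDF)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(machine_id + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_encode(data: bytes, machine_id: bytes) -> bytes:
    """XOR with the derived mask. XOR is its own inverse, so the same call
    decodes: possession of the machine identifier is possession of the key."""
    mask = derive_mask(machine_id, len(data))
    return bytes(a ^ b for a, b in zip(data, mask))


def write_session(path: str, token: bytes, machine_id: bytes) -> None:
    """Create session.dat with mode 0600 at creation time (not create-then-chmod,
    which leaves a window where a loose umask makes the file readable by others)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(xor_encode(token, machine_id))
    # O_CREAT's mode only applies to a newly created file; tighten a pre-existing one.
    os.chmod(path, 0o600)


def file_mode_is_private(path: str) -> bool:
    """The 0600 bits are the effective control; verify no group/other access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def read_session(path: str, machine_id: bytes) -> bytes:
    """Anyone who can read the file and knows the machine identifier gets the token."""
    with open(path, "rb") as f:
        return xor_encode(f.read(), machine_id)


def demo() -> dict:
    """Round-trip a token through the scheme and report what each layer achieves."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "session.dat")
    write_session(path, TOKEN, MACHINE_ID)
    with open(path, "rb") as f:
        on_disk = f.read()
    return {
        "private": file_mode_is_private(path),
        "obfuscated": on_disk != TOKEN,
        "recovered": read_session(path, MACHINE_ID),
        # A different machine identifier yields garbage, not an error: XOR has no integrity.
        "wrong_machine": read_session(path, b"some-other-host"),
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the file is private (0600) and the bytes on disk differ from the token, yet the token is recovered by any process that can read the file and compute the same machine-derived mask; the permission bits, not the XOR layer, are what keep other users out.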
Audit Metadata
Analyzed: Apr 15, 2026, 01:36 PM