here-now
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses bundled shell scripts (
publish.sh,drive.sh) to execute local system commands for file management, directory traversal, and environment configuration. - Evidence: Uses
mkdir,echo,chmod,wc,find, andtrwithin the scripts to handle local state and file manifests. - [DATA_EXFILTRATION]: The skill is designed to upload local files and directories to the remote
here.nowservice for the purpose of web publishing and private cloud storage. - Evidence:
publish.shanddrive.shutilizecurlto transmit local file data and directory contents tohttps://here.now/api/v1/*. - [EXTERNAL_DOWNLOADS]: The skill fetches documentation and performs API requests to the author's official domains.
- Evidence: Instructions direct the agent to retrieve current documentation from
https://here.now/docsand interact with authentication endpoints athttps://here.now/api/auth/*. - [CREDENTIALS_UNSAFE]: The skill manages sensitive API keys and session tokens to authenticate with the cloud service.
- Evidence: Instructs the agent to store the user's API key in
~/.herenow/credentialswith restricted permissions (chmod 600) and reads tokens from theHERENOW_API_KEYandHERENOW_DRIVE_TOKENenvironment variables.
Audit Metadata