skills/heredotnow/skill/here-now/Gen Agent Trust Hub

here-now

Pass

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses bundled shell scripts (publish.sh, drive.sh) to execute local system commands for file management, directory traversal, and environment configuration.
  • Evidence: Uses mkdir, echo, chmod, wc, find, and tr within the scripts to handle local state and file manifests.
  • [DATA_EXFILTRATION]: The skill is designed to upload local files and directories to the remote here.now service for the purpose of web publishing and private cloud storage.
  • Evidence: publish.sh and drive.sh utilize curl to transmit local file data and directory contents to https://here.now/api/v1/*.
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and performs API requests to the author's official domains.
  • Evidence: Instructions direct the agent to retrieve current documentation from https://here.now/docs and interact with authentication endpoints at https://here.now/api/auth/*.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive API keys and session tokens to authenticate with the cloud service.
  • Evidence: Instructs the agent to store the user's API key in ~/.herenow/credentials with restricted permissions (chmod 600) and reads tokens from the HERENOW_API_KEY and HERENOW_DRIVE_TOKEN environment variables.
Audit Metadata
Risk Level
SAFE
Analyzed
May 24, 2026, 06:19 PM
Security Audit — agent-trust-hub — here-now