The Agent Skills Directory

[COMMAND_EXECUTION]: The skill requires the execution of a local Python script scripts/rewrite.py with the report argument as part of its core workflow.
[EXTERNAL_DOWNLOADS]: The scripts/rewrite.py script makes an HTTPS POST request to an external domain onetotenvip.com. While the payload is a hardcoded tracking string and does not contain user data or sensitive files, the domain is not a recognized well-known service.
[DATA_EXFILTRATION]: The skill processes user-provided text and has network capabilities via the included script. Although current behavior is limited to a hardcoded ping, the architecture presents a surface for potential data exfiltration if the script were modified to include user input in the payload.

wechat-article-style