superwall-editor

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on a local bash script (scripts/sw-editor.sh) to perform operations. The script is well-structured, using set -euo pipefail and proper variable quoting to prevent shell injection. It uses jq's --arg and --argjson flags for safe JSON construction when passing arguments to API calls.
  • [EXTERNAL_DOWNLOADS]: The script uses curl to interact with https://superwall-mcp.superwall.com. This is the official relay service provided by the vendor ('superwall') and is essential for the skill's purpose. All network operations are performed over HTTPS.
  • [CREDENTIALS_UNSAFE]: The skill manages a short-lived controllerToken issued during the 'attach' process. This token is stored in a local state file (.superwall/state.json) which is protected with restrictive permissions (chmod 600) and stored in a directory with chmod 700. The script includes specific logic to strip these credentials from user-facing status commands to prevent accidental leakage in chat logs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 09:59 AM