Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
here.now
v1.13.0
Publish files and folders to the web instantly. Static hosting for HTML sites, images, PDFs, and any file type. Sites can connect to external APIs (LLMs, dat...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill name/description (publish static files) matches the included publish.sh and API reference. However, registry metadata lists no required binaries or env vars, while SKILL.md and the script require curl, file, and jq and optionally use $HERENOW_API_KEY / ~/.herenow/credentials — a metadata mismatch worth noting but not necessarily malicious.
Instruction Scope
SKILL.md instructs the agent to perform the full sign-in flow (request code, verify code), accept the API key from the user, and save it into ~/.herenow/credentials itself (explicitly: "Do not ask the user to run it manually"). The script reads/writes ~/.herenow/credentials and writes .herenow/state.json in the working directory (contains claim tokens). That gives the agent persistent access to a secret (API key) and to file system state; the behavior is coherent with the skill's purpose but is high-impact and requires explicit user consent.
Install Mechanism
There is no formal install spec (instruction-only + one shell script). The script will run only when invoked, but it warns users to install jq via a remote script (curl -fsSL https://here.now/install.sh | bash) if jq is missing — recommending running unknown remote install scripts is a risk. The SKILL.md also suggests an npx install command (npx skills add heredotnow/skill), which is reasonable but the published package origin is not documented in the skill metadata (source/homepage unknown).
Credentials
Requested credentials are limited to a here.now API key and a local credentials file; that is proportional to hosting/publishing. No unrelated cloud credentials are requested. Still, saving the API key to the user's home directory and having the agent perform that write autonomously increases the blast radius if the key is mishandled; the SKILL.md's preference for agent-side saving (rather than user-run commands) should be accepted only with explicit consent.
Persistence & Privilege
The skill does not set always:true and does not require system-wide config changes. It does promote persistent credentials in ~/.herenow and writes .herenow/state.json in the working directory after publishes. Persisting a secret that allows permanent (authenticated) publishes is a normal feature but increases long-term privilege — consider removing the stored key when no longer needed.
What to consider before installing
This skill looks like a legitimate static-file publisher, but it asks the agent to manage and persist an API key and local state. Before installing or using it: (1) Do not paste your permanent API key into chat unless you trust the agent; prefer anonymous publishes if you only need temporary hosting. (2) If you want permanent sites, consider performing the sign-in yourself and saving the key manually (or verify the agent writes ~/.herenow/credentials only with your consent). (3) Inspect scripts locally before running; avoid blindly running suggested curl | bash installers. (4) Be aware the script will read files you publish and will write .herenow/state.json in the working directory (contains claim tokens) and ~/.herenow/credentials in your home. (5) If you keep an API key, rotate or delete it when no longer needed. If you want me to, I can list the exact lines in scripts/publish.sh that read/write credentials and state, and show where network calls are made.

Like a lobster shell, security has layers — review code before you run it.
