Skill v1.15.3
ClawScan security
here.now · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 12:01 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, scripts, and instructions are consistent with its stated purpose (publishing sites and storing Drive files), but be careful about providing and storing API keys: the skill instructs agents to save credentials to a local file, and its scripts perform network uploads to here.now.
- Guidance: This skill appears to do what it says: publish static sites and manage private Drive files on here.now. The important safety points:
  - Authenticated publishing and Drive operations require an API key or Drive token; the skill instructs agents to save keys to ~/.herenow/credentials. Only allow this if you trust the skill and the agent environment.
  - Do not paste secrets into chat; prefer creating scoped tokens and writing them yourself to the credentials file with restrictive file permissions (chmod 600).
  - The scripts upload files to https://here.now and include a client header for attribution; they refuse to send credentials to other domains unless you explicitly override that behavior.
  - If you want to be extra cautious, inspect the publish.sh and drive.sh files locally before using them, and consider using anonymous publishes (24h expiry) or limited-scope Drive tokens rather than full-account API keys.
  - If anything about where data will be published or how keys are handled is unclear, review https://here.now/docs or ask the skill to show the exact API calls it will perform before providing credentials.
Review Dimensions
- Purpose & Capability (note): The name/description (publish Sites, store private Drive files) aligns with the included scripts (publish.sh and drive.sh), which call here.now API endpoints. The skill metadata lists no required env vars, but the runtime instructions and scripts require or strongly expect HERENOW_API_KEY, HERENOW_DRIVE_TOKEN, or ~/.herenow/credentials for non-anonymous operations. This is a minor metadata inconsistency but consistent with the skill's purpose.
- Instruction Scope (concern): SKILL.md instructs the agent to read external docs (https://here.now/docs), run the bundled scripts, and obtain and store API keys. It explicitly instructs storing API keys in ~/.herenow/credentials and says 'Do not ask the user to run it manually' (i.e., the agent is expected to save keys itself). Writing credentials to disk is necessary for authenticated publish and Drive operations, but it increases risk if keys are provided in chat or the agent acts on behalf of the user without explicit confirmation. The scripts otherwise operate narrowly: they only call here.now endpoints and refuse to send credentials to a non-default base URL unless overridden.
- Install Mechanism (ok): There is no remote install step; the skill is instructions plus bundled scripts. All network calls in the scripts point to https://here.now. No arbitrary external download or install-from-URL is present in the included files.
- Credentials (note): The requested credentials (HERENOW_API_KEY, HERENOW_DRIVE_TOKEN, and ~/.herenow/credentials) are appropriate for a site/Drive hosting skill. The scripts require credentials for Drive operations (drive.sh will die if none are provided) and allow anonymous publishes with 24h expiry. The SKILL.md/metadata could be clearer: the metadata shows no required env vars, while the runtime behavior effectively requires credentials for many operations. The scripts limit credential leakage by refusing to send bearer tokens to a non-default API base unless explicitly overridden.
- Persistence & Privilege (ok): always:false (default), and the skill does not request broad platform privileges. It reads/writes only its own state/credential paths (~/.herenow/*) and does not modify other skills or system-wide agent config.
