← Back to Skills Marketplace
adamludwin

here.now

by adamludwin · GitHub ↗ · v1.15.3 · MIT-0
cross-platform ⚠ suspicious
1367
Downloads
2
Stars
7
Active Installs
28
Versions
Install in OpenClaw
/install here-now
Description
here.now lets agents publish websites and store private files in cloud Drives. Use Sites to publish HTML, documents, images, PDFs, videos, and static files t...
README (SKILL.md)

here.now

Skill version: 1.15.3

here.now lets agents publish websites and store private files in cloud Drives.

Use here.now for two jobs:

  • Sites: publish websites and files at {slug}.here.now.
  • Drives: store private agent files in cloud folders.

To install or update (recommended): npx skills add heredotnow/skill --skill here-now -g

For repo-pinned/project-local installs, run the same command without -g.

Current docs

Before answering questions about here.now capabilities, features, or workflows, read the current docs:

https://here.now/docs

Read the docs:

  • at the first here.now-related interaction in a conversation
  • any time the user asks how to do something
  • any time the user asks what is possible, supported, or recommended
  • before telling the user a feature is unsupported

Topics that require current docs (do not rely on local skill text alone):

  • Drives and Drive sharing
  • custom domains
  • payments and payment gating
  • forking
  • proxy routes and service variables
  • handles and links
  • limits and quotas
  • SPA routing
  • error handling and remediation
  • feature availability

If docs and live API behavior disagree, trust the live API behavior.

If the docs fetch fails or times out, continue with the local skill and live API/script output. Prefer live API behavior for active operations.

Requirements

  • Required binaries: curl, file, jq
  • Optional environment variable: $HERENOW_API_KEY
  • Optional Drive token variable: $HERENOW_DRIVE_TOKEN
  • Optional credentials file: ~/.herenow/credentials
  • Bundled helpers:
    • ./scripts/publish.sh for publishing sites
    • ./scripts/drive.sh for private Drive storage

Create a site

./scripts/publish.sh {file-or-dir}

Outputs the live URL (e.g. https://bright-canvas-a7k2.here.now/).

Under the hood this is a three-step flow: create/update -> upload files -> finalize. A site is not live until finalize succeeds.

Without an API key this creates an anonymous site that expires in 24 hours. With a saved API key, the site is permanent.

File structure: For HTML sites, place index.html at the root of the directory you publish, not inside a subdirectory. The directory's contents become the site root. For example, publish my-site/ where my-site/index.html exists — don't publish a parent folder that contains my-site/.

You can also publish raw files without any HTML. Single files get a rich auto-viewer (images, PDF, video, audio). Multiple files get an auto-generated directory listing with folder navigation and an image gallery.

Update an existing site

./scripts/publish.sh {file-or-dir} --slug {slug}

The script auto-loads the claimToken from .herenow/state.json when updating anonymous sites. Pass --claim-token {token} to override.

Authenticated updates require a saved API key.

Use a Drive

Use a Drive when the user wants private cloud storage for agent files: documents, context, memory, plans, assets, media, research, code, and anything else that should persist without being published as a website.

Every signed-in account has a default Drive named My Drive.

./scripts/drive.sh default
./scripts/drive.sh ls My Drive
./scripts/drive.sh put My Drive notes/today.md --from ./notes/today.md
./scripts/drive.sh cat My Drive notes/today.md
./scripts/drive.sh share My Drive --perms write --prefix notes/ --ttl 7d

Use scoped Drive tokens for agent-to-agent handoff. If you receive a herenow_drive share block, use its token as Authorization: Bearer \x3Ctoken> against api_base, respect pathPrefix when present, and preserve ETags on writes. A pathPrefix of null means full-Drive access. If the skill is available, prefer ./scripts/drive.sh; otherwise call the listed API operations directly.

Client attribution

Pass --client so here.now can track reliability by agent:

./scripts/publish.sh {file-or-dir} --client cursor

This sends X-HereNow-Client: cursor/publish-sh on publish API calls. If omitted, the script sends a fallback value.

API key storage

The publish script reads the API key from these sources (first match wins):

  1. --api-key {key} flag (CI/scripting only — avoid in interactive use)
  2. $HERENOW_API_KEY environment variable
  3. ~/.herenow/credentials file (recommended for agents)

To store a key, write it to the credentials file:

mkdir -p ~/.herenow && echo "{API_KEY}" > ~/.herenow/credentials && chmod 600 ~/.herenow/credentials

IMPORTANT: After receiving an API key, save it immediately — run the command above yourself. Do not ask the user to run it manually. Avoid passing the key via CLI flags (e.g. --api-key) in interactive sessions; the credentials file is the preferred storage method.

Never commit credentials or local state files (~/.herenow/credentials, .herenow/state.json) to source control.

Getting an API key

To upgrade from anonymous (24h) to permanent sites:

  1. Ask the user for their email address.
  2. Request a one-time sign-in code:
curl -sS https://here.now/api/auth/agent/request-code \
  -H "content-type: application/json" \
  -d '{"email": "[email protected]"}'
  1. Tell the user: "Check your inbox for a sign-in code from here.now and paste it here."
  2. Verify the code and get the API key:
curl -sS https://here.now/api/auth/agent/verify-code \
  -H "content-type: application/json" \
  -d '{"email":"[email protected]","code":"ABCD-2345"}'
  1. Save the returned apiKey yourself (do not ask the user to do this):
mkdir -p ~/.herenow && echo "{API_KEY}" > ~/.herenow/credentials && chmod 600 ~/.herenow/credentials

State file

After every site create/update, the script writes to .herenow/state.json in the working directory:

{
  "publishes": {
    "bright-canvas-a7k2": {
      "siteUrl": "https://bright-canvas-a7k2.here.now/",
      "claimToken": "abc123",
      "claimUrl": "https://here.now/claim?slug=bright-canvas-a7k2&token=abc123",
      "expiresAt": "2026-02-18T01:00:00.000Z"
    }
  }
}

Before creating or updating sites, you may check this file to find prior slugs. Treat .herenow/state.json as internal cache only. Never present this local file path as a URL, and never use it as source of truth for auth mode, expiry, or claim URL.

What to tell the user

For published sites:

  • Always share the siteUrl from the current script run.
  • Read and follow publish_result.* lines from script stderr to determine auth mode.
  • When publish_result.auth_mode=authenticated: tell the user the site is permanent and saved to their account. No claim URL is needed.
  • When publish_result.auth_mode=anonymous: tell the user the site expires in 24 hours. Share the claim URL (if publish_result.claim_url is non-empty and starts with https://) so they can keep it permanently. Warn that claim tokens are only returned once and cannot be recovered.
  • Never tell the user to inspect .herenow/state.json for claim URLs or auth status.

For Drives:

  • Do not describe Drive files as public URLs.
  • Tell the user Drive contents are private unless shared with a scoped token.
  • When sharing access with another agent, prefer a scoped token with a narrow pathPrefix and short TTL.

publish.sh options

Flag Description
--slug {slug} Update an existing site instead of creating
--claim-token {token} Override claim token for anonymous updates
--title {text} Viewer title (non-HTML sites)
--description {text} Viewer description
--ttl {seconds} Set expiry (authenticated only)
--client {name} Agent name for attribution (e.g. cursor)
--base-url {url} API base URL (default: https://here.now)
--allow-nonherenow-base-url Allow sending auth to non-default --base-url
--api-key {key} API key override (prefer credentials file)
--spa Enable SPA routing (serve index.html for unknown paths)
--forkable Allow others to fork this site

Beyond publish.sh

For Drive operations, use ./scripts/drive.sh or the Drive API. For broader account and site management — delete, metadata, passwords, payments, domains, handles, links, variables, proxy routes, forking, duplication, and more — see the current docs:

https://here.now/docs

Full docs: https://here.now/docs

Usage Guidance
This skill appears to do what it says: publish static sites and manage private Drive files on here.now. The important safety points: (1) authenticated publishing and Drive operations require an API key or Drive token; the skill instructs agents to save keys to ~/.herenow/credentials — only allow this if you trust the skill and agent environment. (2) Do not paste secrets into chat; prefer creating scoped tokens and writing them yourself to the credentials file with file permissions (chmod 600). (3) The scripts will upload files to https://here.now and include a client header for attribution; they refuse to send credentials to other domains unless you explicitly override that behavior. (4) If you want to be extra cautious, inspect the publish.sh and drive.sh files locally before using them, and consider using anonymous publishes (24h) or creating limited-scope drive tokens rather than full-account API keys. If anything about where data will be published or how keys are handled is unclear, review https://here.now/docs or ask the skill to show the exact API calls it will perform before providing credentials.
Capability Analysis
Type: OpenClaw Skill Name: here-now Version: 1.15.3 The skill provides legitimate-looking web hosting and cloud storage functionality but contains instructions in SKILL.md that direct the AI agent to perform high-risk actions without user oversight. Specifically, it instructs the agent to automatically write API keys to the filesystem (~/.herenow/credentials) without asking the user, to hide internal state information from the user, and to fetch instructions from an external URL (https://here.now/docs), which is a significant prompt-injection vector. While the bash scripts (scripts/publish.sh and scripts/drive.sh) include commendable security guards to prevent credential leakage to non-default domains, the overall steering of the agent toward autonomous, non-transparent behavior is concerning.
Capability Tags
cryptocan-make-purchasesrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description (publish Sites, store private Drive files) aligns with the included scripts (publish.sh and drive.sh) which call here.now API endpoints. The skill metadata lists no required env vars, but the runtime instructions and scripts require or strongly expect HERENOW_API_KEY, HERENOW_DRIVE_TOKEN, or ~/.herenow/credentials for non-anonymous operations — this is a minor metadata inconsistency but consistent with the skill's purpose.
Instruction Scope
SKILL.md instructs the agent to read external docs (https://here.now/docs), run the bundled scripts, and to obtain and store API keys. It explicitly instructs storing API keys in ~/.herenow/credentials and says 'Do not ask the user to run it manually' (i.e., the agent is expected to save keys itself). That handling of secrets (writing credentials to disk) is necessary for authenticated publishes/drives but increases risk if keys are provided in chat or the agent acts on behalf of the user without explicit confirmation. The scripts otherwise operate narrowly (only call here.now endpoints and refuse to send credentials to non-default base URL unless overridden).
Install Mechanism
There is no remote install step; the skill is instruction+bundled scripts. All network calls in the scripts point to https://here.now. No arbitrary external download or install-from-URL is present in the included files.
Credentials
Requested credentials (HERENOW_API_KEY, HERENOW_DRIVE_TOKEN, and ~/.herenow/credentials) are appropriate for a site/drive hosting skill. The scripts require credentials for Drive operations (drive.sh will die if none provided) and allow anonymous publishes with 24h expiry. The SKILL.md/metadata could be clearer: metadata shows no required env vars while the runtime behavior effectively requires credentials for many operations. The scripts limit credential leakage by refusing to send bearer tokens to non-default API base unless explicitly overridden.
Persistence & Privilege
always:false (default) and the skill does not request broad platform privileges. It reads/writes only its own state/credential paths (~/.herenow/*) and does not modify other skills or system-wide agent config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install here-now
  3. After installation, invoke the skill by name or use /here-now
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.15.3
Raise Drive file upload helper limit to 500 MB and refresh here.now skill copy.
v1.15.2
**Adds private Drive storage alongside website publishing.** - Introduced Drives: agents can now store private files in cloud Drives, share folders, and persist files (not just publish websites). - Added new helper script `scripts/drive.sh` for Drive operations (create, list, read, write, share). - Updated core documentation and usage to include both Sites (public publishing) and Drives (private storage). - Updated requirements: new environment variable `$HERENOW_DRIVE_TOKEN` for Drive access. - Clarified when to use Sites vs Drives throughout the documentation.
v1.14.0
- Updated skill documentation to require reading live here.now docs at https://here.now/docs before answering on key topics and workflows. - Removed local reference documentation (REFERENCE.md) in favor of always using canonical, current docs. - Clarified that for core features like custom domains, payments, forking, limits, and more, guidance should come from the latest docs or observed API behavior. - Specified to trust live API behavior if docs and API responses differ. - Existing publish/script usage details retained for reference.
v1.13.0
here-now 1.13.0 - Version bump to 1.13.0 (no file changes detected) - No user-facing changes in this release
v1.12.1
No user-facing changes in this release. - Version bumped from 1.12.0 to 1.12.1 with small tweak to documentation - No new features, fixes, or adjustments detected.
v1.12.0
here-now 1.12.0 Changelog - No file changes detected in this release. - Documentation now describes support for the new `--forkable` flag in the publish script options. - Updated documentation examples and details to match the latest platform capabilities.
v1.11.0
Version 1.11.0 - Added support for SPA (Single-Page Application) routing with the new --spa flag on publish, ensuring index.html is served for unknown paths. - Documented how to enable or toggle SPA mode both via CLI and API call for client-side routed sites like React, Vue, and Svelte. - Updated documentation to include the --spa flag in script options. - Clarified asset path requirements for SPA builds. - No code changes were made; this release updates documentation only.
v1.10.0
here-now 1.10.0 is a feature release expanding publishing capabilities. - Adds support for proxy routes enabling server-side API calls (e.g., LLMs, databases, email, payments) from hosted sites. - Updates skill description to reflect new ability to "build a chatbot" and connect to external APIs. - No functional changes to publishing flow, authentication, or API key management. - Existing static hosting and usage remains unchanged.
v1.9.1
No functional or behavioral changes; documentation only. - Added instructions for obtaining a Tempo wallet address for payment gating. - Linked to https://wallet.tempo.xyz and included `npx mppx account create` as wallet options. - No changes to code or scripts; usage remains the same.
v1.9.0
here-now 1.9.0 - Added documentation for payment gating: sites can now require stablecoin payment on the Tempo network before granting access, with payments sent directly to the publisher's wallet. - CLI examples provided for setting wallet addresses, configuring site pricing, and removing payment requirements. - Documentation clarified that "metadata patch" operations now include password protection and payment gating. - No underlying file or implementation changes were detected—documentation updates only.
v1.8.3
Simple clarifications in docs
v1.8.1
here-now 1.8.1 is a minor documentation release. - Removed the fallback install note from the shipped skill instructions. - Bumped the skill version to 1.8.1. - No functional script or API behavior changes.
v1.8.0
here-now 1.8.0 - Added site duplication: instantly create a full server-side copy of any site you own, under a new slug, with optional metadata overrides—no upload required (API only). - Updated API key storage guidance: agents must save the API key themselves after receipt, rather than asking the user to do so. - Docs now clarify to avoid passing API keys via CLI flags in interactive sessions; use the credentials file as the preferred method. - Reference section reflects support for new duplicate operation alongside delete, patch, and claim.
v1.7.0
**Terminology update and documentation improvements.** - User-facing term changed from "artifact/publish" to "site" throughout documentation. - Script, file, and API usage examples updated for clarity and terminology consistency. - Expanded API route aliases and equivalence notes in the "Terminology and API aliases" section. - Documentation now emphasizes "site" in UI/user prompts and state tracking. - Improved description of limits and usage scenarios.
v1.6.9
here-now 1.6.9 - Documentation updated to mention password protection as a supported metadata patch operation via the API. - No code changes; behavior remains the same.
v1.6.8
here-now 1.6.8 - Updated instructions for what information to share with users after publish. - Clarified user messaging and handling for anonymous vs authenticated artifacts: - Explicitly guide on communicating expiry, permanence, and claim URLs based on auth mode. - Enhanced safety notes: never direct users to inspect internal state files for claim URLs or status. - No functional or code changes; documentation improvements only.
v1.6.7
No changes to files detected in this release. - Version bumped from 1.6.6 to 1.6.7; no functional or documentation changes present. - Behavior and usage remain identical to previous version.
v1.6.6
here-now 1.6.6 changelog: - Expanded skill trigger phrases to cover more publish/upload scenarios in the description. - Clarified that anyone with an API key can claim a handle, not just paid plans. - Updated and streamlined description text for improved clarity and broader discoverability. - No code or function changes; documentation updates only.
v1.6.5
Version 1.6.5 - Replaces the term "publish" with "artifact" throughout the documentation for improved clarity. - Updates API key acquisition flow: now uses a one-time sign-in code via dedicated endpoints. - Adds an explicit Terminology and API aliases section explaining the transition from "publish" to "artifact", "username" to "handle", and "mount" to "link". - Enhances detail on handle and link features, including references to new endpoints and plan requirements. - Updates usage examples and limits table to match latest API behavior and terminology. - General wording and structure improvements for easier reading.
v1.6.4
here-now 1.6.4 - Added description of the internal three-step publish flow (create/update → upload files → finalize). - Documented the new --client flag for agent attribution and its effect on API requests. - Minor rewording and switched shell placeholder formatting from <angle> to {curly} for all user-facing code/docs.
Metadata
Slug here-now
Version 1.15.3
License MIT-0
All-time Installs 7
Active Installs 7
Total Versions 28
Frequently Asked Questions

What is here.now?

here.now lets agents publish websites and store private files in cloud Drives. Use Sites to publish HTML, documents, images, PDFs, videos, and static files t... It is an AI Agent Skill for Claude Code / OpenClaw, with 1367 downloads so far.

How do I install here.now?

Run "/install here-now" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is here.now free?

Yes, here.now is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does here.now support?

here.now is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created here.now?

It is built and maintained by adamludwin (@adamludwin); the current version is v1.15.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments