chore: harden repo for open source contributors

- Expand .gitignore with .env, .DS_Store, node_modules, editor files, and macOS iCloud duplicate patterns - Add security section to CLI README warning against hardcoded keys - Update AGENTS.md with CLI tools in repo structure and build commands - Trash 40 macOS "2.md" duplicate files from working tree Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 15:12:00 -08:00 · 2026-02-17 15:12:00 -08:00 · c4b698f996
commit c4b698f996
parent 2349865acb
3 changed files with 44 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,25 @@
+# Dependencies
+node_modules/
+
+# Environment variables / secrets
+.env
+.env.*
+!.env.example
+
+# macOS
+.DS_Store
+**/. DS_Store
+
+# macOS / iCloud duplicate files
+* 2.*
+* 2/
+
 # Remotion video project
 video/
+
+# Editor
+*.swp
+*.swo
+*~
+.idea/
+.vscode/
--- a/AGENTS.md
+++ b/AGENTS.md
@ -20,6 +20,10 @@ marketingskills/
 ├── skills/                # Agent Skills
 │   └── skill-name/
 │       └── SKILL.md       # Required skill file
+├── tools/
+│   ├── clis/              # Zero-dependency Node.js CLI tools (51 tools)
+│   ├── integrations/      # API integration guides per tool
+│   └── REGISTRY.md        # Tool index with capabilities
 ├── CONTRIBUTING.md
 ├── LICENSE
 └── README.md
@ -27,14 +31,19 @@ marketingskills/

 ## Build / Lint / Test Commands

-**Not applicable** - This is a content-only repository with no executable code.
-
-Verify manually:
+**Skills** are content-only (no build step). Verify manually:
 - YAML frontmatter is valid
 - `name` field matches directory name exactly
 - `name` is 1-64 chars, lowercase alphanumeric and hyphens only
 - `description` is 1-1024 characters

+**CLI tools** (`tools/clis/*.js`) are zero-dependency Node.js scripts (Node 18+). Verify with:
+```bash
+node --check tools/clis/<name>.js   # Syntax check
+node tools/clis/<name>.js           # Show usage (no args = help)
+node tools/clis/<name>.js <cmd> --dry-run  # Preview request without sending
+```
+
 ## Agent Skills Specification

 Skills follow the [Agent Skills spec](https://agentskills.io/specification.md).
--- a/tools/clis/README.md
+++ b/tools/clis/README.md
@ -88,6 +88,15 @@ Every CLI reads credentials from environment variables:
 | `wistia` | `WISTIA_API_KEY` |
 | `zapier` | `ZAPIER_API_KEY` |

+## Security
+
+**Never hardcode API keys or tokens in scripts.** All CLIs read credentials exclusively from environment variables.
+
+- Store keys in your shell profile (`~/.zshrc`, `~/.bashrc`) or a `.env` file
+- The `.env` file is gitignored — but double-check before committing
+- Use `--dry-run` on any command to preview the request without sending it (credentials are masked as `***`)
+- If you fork this repo, audit your commits to ensure no secrets are included
+
 ## Command Pattern

 All CLIs follow the same structure: