Phy App Launcher
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly does what it says (create macOS .app launchers) but includes a hard-coded third-party API key and makes automatic calls to an external icon-generation service, which is disproportionate to its purpose and a potential privacy and billing risk.
This skill does what it says (creates clickable macOS .app launchers), but the included script embeds a third-party FAL AI API key and uses it to auto-generate icons, and SKILL.md does not make that obvious. That means the script will make network calls using the author's credential (possible billing, abuse, or data-leak risk) and could send identifiable information (e.g., project/app name) to the external service.

Before installing or running:
(1) Inspect the script yourself or run it in a contained environment.
(2) Prefer a version that removes the hard-coded FAL key or prompts you to provide your own FAL_KEY if you want icon generation.
(3) If you don't need auto-icon generation, run with that feature disabled or remove the fal_client sections.
(4) If you must use the feature, set your own FAL_KEY in your environment rather than relying on the embedded token.

If you are not comfortable auditing the code, treat this skill as potentially risky and avoid running it with network access or on sensitive projects.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
