Hacker News Poster

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its Hacker News posting purpose, but it under-declares sensitive HN credentials/session storage and can make public account changes.

Use this only if you are comfortable giving the agent access to your Hacker News account. Review every post/comment/profile change before sending, set credentials carefully, protect or delete ~/.hn_cookies.txt after use, and prefer the reviewed package over downloading an unpinned script.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or enabling the skill gives the agent a path to use your Hacker News account and keep a reusable login session on disk.

Why it was flagged

This shows the skill needs Hacker News account credentials and persists an authenticated session, while the supplied registry metadata lists no required env vars and no primary credential.

Skill content

Requires HN_USERNAME and HN_PASSWORD environment variables. Persists session cookies to ~/.hn_cookies.txt

Recommendation

Declare the HN credential and cookie file in metadata, store cookies with restrictive permissions, prefer environment variables over command-line passwords, and delete the cookie file when done.

What this means

If invoked with the wrong text, target item, or profile data, the agent could publicly post or modify content under your HN account.

Why it was flagged

These are intended capabilities, but they mutate public Hacker News content or account profile data.

Skill content

Submit stories, comment on threads, edit comments, and update profiles on Hacker News.

Recommendation

Only use after reviewing the exact title, URL/text, parent/comment ID, or profile bio, and consider requiring explicit confirmation before posting.

What this means

A user following the standalone instructions later could fetch code that differs from the reviewed registry artifact.

Why it was flagged

The standalone install example downloads from a moving main branch rather than a pinned release or checksum. It is optional and not an automatic install step.

Skill content

curl -O https://raw.githubusercontent.com/frostai-lab/hacker-news-poster/main/scripts/hn.py

Recommendation

Prefer installing the reviewed registry package or provide a pinned release URL and checksum for standalone downloads.