Hacker News Poster

Pending

Static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or enabling the skill gives the agent a path to use your Hacker News account and keep a reusable login session on disk.

Why it was flagged

This shows the skill needs Hacker News account credentials and persists an authenticated session, while the supplied registry metadata lists no required env vars and no primary credential.

Skill content

Requires HN_USERNAME and HN_PASSWORD environment variables. Persists session cookies to ~/.hn_cookies.txt

Recommendation

Declare the HN credential and cookie file in metadata, store cookies with restrictive permissions, prefer environment variables over command-line passwords, and delete the cookie file when done.

What this means

If invoked with the wrong text, target item, or profile data, the agent could publicly post or modify content under your HN account.

Why it was flagged

These are intended capabilities, but they mutate public Hacker News content or account profile data.

Skill content

Submit stories, comment on threads, edit comments, and update profiles on Hacker News.

Recommendation

Only use after reviewing the exact title, URL/text, parent/comment ID, or profile bio, and consider requiring explicit confirmation before posting.

What this means

A user following the standalone instructions later could fetch code that differs from the reviewed registry artifact.

Why it was flagged

The standalone install example downloads from a moving main branch rather than a pinned release or checksum. It is optional and not an automatic install step.

Skill content

curl -O https://raw.githubusercontent.com/frostai-lab/hacker-news-poster/main/scripts/hn.py

Recommendation

Prefer installing the reviewed registry package or provide a pinned release URL and checksum for standalone downloads.