ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gumroad Launcher

v1.0.0

Research a digital product niche, generate the product (ebook, template, script, checklist, or skill), write high-converting Gumroad sales copy, and publish...

0· 125·0 current·0 all-time
by@michelle447

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for michelle447/gumroad-launcher.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Gumroad Launcher" (michelle447/gumroad-launcher) from ClawHub.
Skill page: https://clawhub.ai/michelle447/gumroad-launcher
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gumroad-launcher

ClawHub CLI

Package manager switcher

npx clawhub@latest install gumroad-launcher
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims end-to-end Gumroad publishing but the manifest declares no required credentials or env vars. The SKILL.md shows example API calls requiring an ACCESS_TOKEN and references a packaging script (package_skill.py) that is not included. Also calls out specific external accounts (Dawn's, MJ's) without explaining credential handling — these mismatches are disproportionate to the stated purpose.
!
Instruction Scope
Runtime instructions ask the agent to perform web_search, create files under ~/workspace/products/[slug]/, convert/zip files, and call Gumroad via web_fetch or exec. Using exec grants broad shell capability and the doc is vague about where/access tokens come from. The guidance to use another named account (Dawn) is unexpected and potentially risky. Overall the steps stay within the general product-publishing scope, but crucial operational details are missing or ambiguous.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal disk footprint and no third-party downloads. This is the lowest-risk install model.
!
Credentials
No required env vars are declared, yet the SKILL.md demonstrates API calls that require an Authorization bearer token (ACCESS_TOKEN). The presence of named external accounts (Dawn's, MJ's) further complicates credential handling. The skill should declare which credentials it needs (e.g., GUMROAD_ACCESS_TOKEN) and how they will be provided; its current omission is disproportionate and ambiguous.
Persistence & Privilege
Flags show always:false and no special persistence requests. The skill does request writing product files to ~/workspace/products/[slug]/ which is reasonable for its purpose and is not a system-wide persistence privilege.
What to consider before installing
Before installing or invoking this skill: 1) Ask the skill author to explicitly declare required environment variables (e.g., GUMROAD_ACCESS_TOKEN) and how they expect tokens to be provided — do not assume the skill will 'know' or fetch tokens. 2) Do not use or attempt to use credentials for third parties named in the doc (e.g., 'dawn@marathondm.com') unless you have explicit permission; clarify why those accounts are mentioned. 3) Verify the referenced packaging script (package_skill.py) exists and inspect it; running unknown packaging/upload scripts can execute arbitrary code. 4) If the agent will run exec/web_fetch calls, run it in an isolated environment (limited permissions, disposable workspace) and ensure secrets are supplied only via secure env vars, not embedded in prompts. 5) Confirm where product files are written and that nothing sensitive will be packaged or uploaded. 6) If you need higher assurance, request the author add explicit env var requirements, remove hardcoded account references, and provide minimal, clear examples showing how to supply an ACCESS_TOKEN securely. These changes would reduce the current ambiguities and make the skill safer to use.

Like a lobster shell, security has layers — review code before you run it.

digital-productsvk97ds7ax5cc1cht7jc3b8wm52h84747rgumroadvk97ds7ax5cc1cht7jc3b8wm52h84747rlatestvk97ds7ax5cc1cht7jc3b8wm52h84747rpassive-incomevk97ds7ax5cc1cht7jc3b8wm52h84747rsalesvk97ds7ax5cc1cht7jc3b8wm52h84747r
125downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@michelle447
digital-productsgumroadlatestpassive-incomesales
Download

Gumroad Launcher

Full pipeline: niche research → product creation → copy → publish.

Step 1: Niche Research

Use web_search to validate the product idea:

  • Search: "[topic] template gumroad" — check how many exist and what they sell for
  • Search: "[topic] cheatsheet filetype:pdf" — gauge free competition
  • Search: site:gumroad.com "[topic]" — see real listings and prices

Green lights: < 20 competitors, clear pain point, people pay $9–$49 for similar things.

Step 2: Create the Product

Based on product type:

Skill (.skill file): Build using skill-creator workflow. Package with package_skill.py.

Markdown ebook/guide: Write directly, save as product/[slug].md. Convert to PDF if needed.

HTML template: Build the file(s), zip into product/[slug].zip.

Checklist/cheatsheet: Create as a clean single-page HTML or Markdown file.

Prompt pack: Write 10–25 tested prompts, save as product/[slug].md.

Save everything to: ~/workspace/products/[slug]/

Step 3: Write Sales Copy

Use this structure for the Gumroad description:

**[HEADLINE — outcome-focused, under 10 words]**

[1-2 sentence hook — the pain this solves]

**What you get:**
- [Deliverable 1]
- [Deliverable 2]
- [Deliverable 3]

**Who this is for:**
[2-3 sentences describing the ideal buyer]

**Why it works:**
[1 paragraph — the mechanism / why this approach is different]

**[Price justification — what they'd pay otherwise or time saved]**

[CTA: "Get instant access →"]

See references/copy-examples.md for real examples.

Step 4: Set Pricing

Product TypeSuggested Price
Single skill / template$9–$19
Workflow / system$19–$29
Bundle (3–5 items)$37–$57
Course / deep guide$49–$97

Default: price at $19 for first launch, raise after 10 sales.

Step 5: Publish to Gumroad

Use web_fetch or exec to interact with Gumroad API.

Gumroad credentials: dawn@marathondm.com account (Dawn's store — do NOT use for MJW products) MJW Gumroad: Use MJ's account for all MJW Design Studio products.

Gumroad API base: https://api.gumroad.com/v2

Create product:

$body = @{
  name = "[Product Name]"
  description = "[Sales copy from Step 3]"
  price = 1900  # in cents
  url = "https://mjwdesignstudio.com"
} | ConvertTo-Json
Invoke-RestMethod -Uri "https://api.gumroad.com/v2/products" -Method POST -Body $body -Headers @{ Authorization = "Bearer [ACCESS_TOKEN]" }

After creating, upload the product file via the Gumroad dashboard or API.

Output

Always report:

  • ✅ Product file location
  • ✅ Gumroad listing URL
  • ✅ Suggested price
  • ✅ Sales copy (full text, ready to paste)

Comments

Loading comments...