Product Hunt Launch

v0.1.0

Track your Product Hunt launch stats (Rank, Upvotes, Comments) in real-time via CLI.

⭐ 1· 2.3k·3 current·3 all-time

by@abakermi

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

!

Purpose & Capability

The description promises a CLI tool (ph-launch) to monitor Product Hunt. However, the skill declares no required binaries and contains no install spec or code files. A consumer/agent cannot actually run the described commands unless an external ph-launch binary is present; the SKILL.md does not tell you where to get it. This mismatch between claimed capability and what is provided is incoherent.

ℹ

Instruction Scope

The runtime instructions are narrowly scoped (asking the user to set PH_API_TOKEN and showing ph-launch commands). They do not request unrelated files, credentials, or system data. However, because the instructions assume an external CLI exists, they delegate execution to an unspecified external component — the skill gives broad discretion to run that CLI but doesn't document or vet it.

!

Install Mechanism

There is no install specification and no code bundled with the skill. While instruction-only skills are common and lower risk, here the absence is problematic because the SKILL.md refers to a specific binary (ph-launch) without telling how to obtain or verify it. That gap reduces usefulness and creates an opportunity for confusion or misuse.

✓

Credentials

The skill requests a single environment variable, PH_API_TOKEN, which is appropriate and expected for accessing the Product Hunt API. There are no unrelated environment variables or config paths requested.

✓

Persistence & Privilege

The skill does not request persistent presence (always is false) and does not attempt to modify system or agent-wide settings. Autonomous invocation is allowed (platform default) but not combined with other red flags here.

What to consider before installing

This skill describes a CLI (ph-launch) that needs a Product Hunt developer token (PH_API_TOKEN) and otherwise contains no code or install instructions. Before installing or using it: 1) Ask the publisher where to obtain the ph-launch binary and for its official installation instructions and source (GitHub release, package registry, etc.). 2) Verify the binary's provenance and check for a reputable upstream source; do not run an unknown binary. 3) Only provide PH_API_TOKEN with the minimal scopes needed; consider creating a dedicated token you can revoke. 4) If the author can't provide an install/source link, treat the skill as incomplete/untrusted — it will not function as advertised and could encourage you to run unvetted software.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bqnk921v1ntnfwsn3bdwnq1809y62

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis

EnvPH_API_TOKEN