mobile app builder with live link, publishes to app store, create ai apps
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill’s app-building purpose is coherent, but it gives the agent broad paid and production account powers without clear approval boundaries.
Use this skill only if you trust LaunchPulse with app-building, deployment, publishing, and related account operations. Before running it, tell the agent to ask for explicit confirmation before any billing upgrade, production deployment, app-store publish, domain change, database query, storage upload, env-file write, or payment-secret setup. Protect the stored PAT at ~/.openclaw/launchpulse/auth.json or the configured OPENCLAW_STATE_DIR, and log out when finished.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could spend money, publish or deploy apps, change domains, read project databases, or modify production setup if the user prompt is ambiguous or if the agent acts too broadly.
These are high-impact financial, production, publishing, and data-access operations. The instructions list them for agent execution without an explicit approval, scoping, or rollback requirement.
“/launchpulse upgrade --tier STARTER” (subscribe to Starter) ... “/launchpulse deploy <projectId> --target cloud-run --wait” ... “/launchpulse store-publish <projectId> --payload-file ./store-publish.json --wait” ... “/launchpulse db query <projectId> "select * from users limit 10"”
Require explicit user confirmation for paid upgrades, deploys, app-store publishing, domain changes, database queries, storage uploads, env-file writes, and payment setup; confirm the exact project, files, secrets, costs, and target environment before running them.
Anyone or anything that can read the stored token may be able to act on the user’s LaunchPulse account within that token’s permissions.
The skill clearly discloses persistent LaunchPulse account token storage and alternate token inputs. This is purpose-aligned for a hosted app builder, but it grants delegated account access.
“OpenClaw receives a personal access token (PAT) and stores it locally” ... “Token storage path: `${OPENCLAW_STATE_DIR:-~/.openclaw}/launchpulse/auth.json`” ... “LAUNCHPULSE_PAT / --pat <token>”
Use a dedicated or least-privileged LaunchPulse token where possible, protect the .openclaw state directory, avoid sharing logs containing tokens, and run logout when the skill is no longer needed.
A build may continue running and consuming LaunchPulse tokens even after the agent has moved on unless the user monitors or stops it through LaunchPulse controls.
The skill intentionally starts hosted background work. This is disclosed and aligned with the product, but it means work can continue after the local command returns.
“Starts Quick Start (single-pass background build)” and “Returns immediately with project id/session id so progress can be monitored”
Monitor build status and token usage after starting Quick Start or iteration jobs; prefer small test projects before launching larger builds.
Users must trust the bundled script and hosted LaunchPulse service without a clearly declared source repository in the provided metadata.
The artifacts include a sizeable provider client script, but the source provenance is not identified in the registry metadata. No hidden installer or dependency chain is shown.
“Source: unknown” ... “Homepage: https://launchpulse.ai” ... “Code file presence: scripts/launchpulse.cjs (84289 bytes)”
Install only if you trust LaunchPulse, and prefer a version with a verifiable source repository or reviewed script contents.
