product-hunt-launch

SUSPICIOUS. The stated purpose mostly matches the capabilities, but the skill’s real footprint is broader than a simple Product Hunt guide: it requires a remote CLI, routes user data through external services, uses wildcard Bash access, and instructs transitive installation of other skills. The install path appears official rather than overtly malicious, so this is not confirmed malware, but it carries meaningful supply-chain and trust-chain risk.