producthunt

Warn

Audited by Socket on Mar 11, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

The skill presents a coherent feature set for automating Product Hunt interactions, but its install mechanism via a remote curl|bash script from an unverified domain introduces notable supply-chain risks. Credential handling is present but described as local-only with two authentication options; this is acceptable in scope but warrants caution. Data flows involve sensitive session data and credentials used to perform authenticated actions, which is consistent with the purpose but should be restricted to trusted and verifiable sources. Overall, the footprint is suspicious due to the unverifiable installer, and we should treat it as a higher-risk (suspicious) skill until a verifiable, signed install mechanism or official registry distribution is provided.

Confidence: 72%
Severity: 59%
Audit Metadata
Analyzed At: Mar 11, 2026, 08:51 PM
Package URL: pkg:socket/skills-sh/manojbajaj95%2Fclaude-gtm-plugin%2Fproducthunt%2F@1038bf8119ed4fbc7a9118034aa4bfcc23b3da05