product-hunt-launch

Warn

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis

================================================================================

🟡 VERDICT: MEDIUM

This skill's core functionality depends on an external executable, 'ph-launch', which is not provided within the skill's files. The skill instructs the user to set a sensitive environment variable, PH_API_TOKEN, and then execute ph-launch commands. Because the ph-launch binary cannot be audited as part of this skill, its behavior is unknown. If the user installed a malicious version of ph-launch, it could exfiltrate the PH_API_TOKEN or other sensitive data, or execute arbitrary commands.

Total Findings: 1

🟡 MEDIUM Findings:

• Unverifiable External Executable

  • SKILL.md:16: The skill relies on an external executable ph-launch which is not provided or linked within the skill's files. This binary handles a sensitive API token (PH_API_TOKEN) and its behavior cannot be audited, posing a risk of credential misuse or data exfiltration.

================================================================================

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 13, 2026, 09:44 AM