Trust Assessment
product-hunt-launch received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill requires and uses sensitive API token.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill requires and uses sensitive API token The skill's manifest declares a requirement for the `PH_API_TOKEN` environment variable, and the setup instructions in `SKILL.md` guide the user to provide this token. This token is a sensitive credential used to authenticate with the Product Hunt API. While the provided context does not show malicious harvesting, any skill handling sensitive API keys introduces a risk if not implemented securely. The actual code for handling this token is not provided, so its security cannot be fully assessed. Review the skill's source code to ensure the `PH_API_TOKEN` is handled securely, stored only in memory, not logged, and used with the principle of least privilege. Advise users about the sensitivity of this token. | LLM | SKILL.md:8 |
Scan History
Embed Code
[](https://skillshield.io/report/f9d5703e8ab55edf)
Powered by SkillShield