← Back to Skills Marketplace

mobile app builder with live link, publishes to app store, create ai apps

Name: mobile app builder with live link, publishes to app store, create ai apps
Author: versacexcodes

by VersaceXcodes · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

644

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install mobile-app-builder-ai

Description

Build full-stack web and mobile apps from a text description. Creates projects, plans features, and starts Quick Start builds for background execution.

Usage Guidance

This skill appears to implement what it claims (building, iterating, and publishing apps), but it will: (1) start a device-login flow or accept personal tokens and then save a PAT to ~/.openclaw/launchpulse/auth.json (or a custom OPENCLAW_STATE_DIR), (2) accept many optional external-service tokens (GitHub, Fly, Stripe, RevenueCat) necessary for deployment/publishing, and (3) send project data to a hosted API (api.launchpulse.ai by default). Before installing or using it: inspect the included script, confirm the API base URL is legitimate, avoid entering high-privilege production secrets unless necessary (use least-privilege or temporary tokens), consider setting OPENCLAW_STATE_DIR to a controlled location, and delete local auth.json when done. If you need higher assurance, run the skill in a sandboxed environment or review network traffic to verify what data is sent.

Capability Analysis

Type: OpenClaw Skill Name: mobile-app-builder-ai Version: 1.0.0 The skill is classified as suspicious due to multiple critical vulnerabilities. The `SKILL.md` instructions pose a prompt injection risk, as they direct the OpenClaw agent to execute `node` commands with user-controlled input (e.g., `<description>`, `<change request>`) directly interpolated, potentially leading to shell injection against the agent's host. Additionally, the `scripts/launchpulse.cjs` script contains a Local File Inclusion (LFI) vulnerability, where user-supplied file paths for `--payload-file`, `--vars-file`, and `--contact-file` are read directly using `fs.readFileSync`, allowing arbitrary file access on the agent's system. The `db query` command also passes raw user SQL to the backend API, creating a potential SQL injection vulnerability in the overall system. While these are severe flaws, there is no clear evidence of intentional malicious behavior (e.g., exfiltration to an attacker-controlled domain, persistence mechanisms) within the provided files, indicating they are likely vulnerabilities rather than deliberate malware.

Capability Assessment

ℹ Purpose & Capability

Name/description claim to build web/mobile apps and publish them; the included script and CLI options actually implement that (API calls to a hosted LaunchPulse service, deploy/publish workflows, support for GitHub/Fly/Stripe tokens). This capability set is coherent with the stated purpose. However, the registry metadata claims 'no required env vars' and 'no required config paths' while SKILL.md and the script actually rely on and store authentication under the OpenClaw state directory—an omission in the manifest.

ℹ Instruction Scope

SKILL.md instructs the agent to run the provided node script from the OpenClaw workspace and to pass/accept files like payload JSON, .env files, and other user-supplied files. The script performs network requests to the LaunchPulse API, may upload project data and read/write the user's OpenClaw state directory. All of this is consistent with an app builder, but it means the skill will read/write local files and transmit data to api.launchpulse.ai (or an overridden API base).

✓ Install Mechanism

No install spec; the skill is instruction-only but includes a JS script. There is no remote binary download or installer; the script uses standard Node APIs and global fetch. This is a low-risk installation mechanism in itself.

⚠ Credentials

The metadata declares no required env vars or config paths, yet SKILL.md and the script reference multiple environment variables (LAUNCHPULSE_PAT/LAUNCHPULSE_API_KEY/LAUNCHPULSE_ACCESS_TOKEN, LAUNCHPULSE_API_BASE_URL, and many optional tokens/keys for GitHub, Fly, Stripe, RevenueCat, etc.) and will store a PAT at ${OPENCLAW_STATE_DIR:-~/.openclaw}/launchpulse/auth.json. Requesting or accepting service credentials is proportionate to deploy/publish functionality, but failing to declare the config path and the range of optional credentials in the registry metadata is an inconsistency and a privacy/security concern.

✓ Persistence & Privilege

The skill stores a personal access token locally (auth.json under the OpenClaw state dir) and uses it for API calls — this is expected for a CLI that talks to a hosted service. always:true is not set. The skill does not request system-wide privileges or modify other skills' configurations per the provided files.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install mobile-app-builder-ai
After installation, invoke the skill by name or use /mobile-app-builder-ai
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of LaunchPulse (Web + Mobile App Generator): - Build web and Expo mobile apps from a text description, including feature planning and background builds. - Project/session context is provided immediately for real-time progress monitoring. - Full support for production operations: deployment, app store publishing, domains, database, storage, and environment setup. - Simple authentication with automatic device-login; support for manual token/API key input. - Token-based billing with free and paid tiers and add-on packs. - Run via standardized CLI commands for login, project creation, iteration, and production tasks.

Metadata

Slug mobile-app-builder-ai

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is mobile app builder with live link, publishes to app store, create ai apps?

Build full-stack web and mobile apps from a text description. Creates projects, plans features, and starts Quick Start builds for background execution. It is an AI Agent Skill for Claude Code / OpenClaw, with 644 downloads so far.

How do I install mobile app builder with live link, publishes to app store, create ai apps?

Run "/install mobile-app-builder-ai" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is mobile app builder with live link, publishes to app store, create ai apps free?

Yes, mobile app builder with live link, publishes to app store, create ai apps is completely free (open-source). You can download, install and use it at no cost.

Which platforms does mobile app builder with live link, publishes to app store, create ai apps support?

mobile app builder with live link, publishes to app store, create ai apps is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created mobile app builder with live link, publishes to app store, create ai apps?

It is built and maintained by VersaceXcodes (@versacexcodes); the current version is v1.0.0.

More Skills