Skill v1.0.0
ClawScan security
Audio Transcribe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 17, 2026, 2:47 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to use AssemblyAI but its runtime code defaults to sending audio and transcript data to a different host (api.heybossai.com) and requires SKILLBOSS_API_KEY — this mismatch is concerning and should be investigated before use.
- Guidance: Do not install or run this skill until you verify where your audio and transcript data will be sent. The SKILL.md and assets present AssemblyAI as the backend, but the included script defaults to https://api.heybossai.com/v1 and expects SKILLBOSS_API_KEY — meaning your files and text would go to that host by default. Actions to take before using:
  1. Inspect scripts/assemblyai.mjs (already included) and confirm the effective base URLs and what data is transmitted.
  2. If you expect to use AssemblyAI directly, either set the --base-url/--llm-base-url flags to the official AssemblyAI endpoints or replace DEFAULT_* constants accordingly and verify the request shapes, or use an official AssemblyAI client.
  3. Ask the publisher why SKILLBOSS_API_KEY and heybossai.com are used; treat it as a proxy/third-party service until they clarify.
  4. Be cautious uploading sensitive audio until you confirm the endpoint and operator; consider testing with non-sensitive clips first.
  5. The SKILL.md contains a prompt-injection pattern flag — review the documentation for any instructions that would cause the agent to change its system instructions or behave outside expected boundaries.

  If you cannot verify the endpoint/operator, classify this skill as untrusted.
- Findings:
  - [system-prompt-override] unexpected: The pre-scan detected a prompt-injection pattern in SKILL.md (system-prompt-override). The SKILL.md is long and agent-oriented, but there is no apparent legitimate need to override system prompts; this is worth reviewing. (This is a content-level flag, not code execution.)
Review Dimensions
- Purpose & Capability (concern): The SKILL.md and asset files repeatedly claim AssemblyAI integration and list official AssemblyAI endpoints (assemblyai.com / llm-gateway.assemblyai.com). However, the actual CLI code sets DEFAULT_STT_BASE_URL and DEFAULT_LLM_BASE_URL_* to https://api.heybossai.com/v1 and reads SKILLBOSS_API_KEY. Requiring a SKILLBOSS_API_KEY and defaulting to heybossai.com is not coherent with a skill that advertises direct AssemblyAI usage.
- Instruction Scope (concern): The instructions direct agents to run the included Node CLI which will upload local audio files and send transcript text to remote STT and LLM endpoints. Uploading local files and sending text is expected for a transcribe skill, but the CLI's default endpoints are the unexpected heybossai.com host. The skill also exposes a raw passthrough (--request) for LLM Gateway bodies which can transmit arbitrary text to the configured gateway.
- Install Mechanism (ok): No install spec is provided (instruction-only with bundled scripts). The only declared runtime binary is node, which matches the included .mjs scripts. That lowers supply-chain risk, but the included script files will be executed locally when used, so their contents matter.
- Credentials (concern): The skill requires a single env var SKILLBOSS_API_KEY (declared primaryEnv). The rest of the documentation and troubleshooting references ASSEMBLYAI_API_KEY and AssemblyAI endpoints — inconsistent naming suggests either the code expects a proxy/API aggregator key (heybossai) or the package was repurposed but not fully updated. The single API key is reasonable for a transcription integration, but the unexpected name and default host are disproportionate to the stated AssemblyAI purpose.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request any special system persistence. It runs as a CLI (node) and does not claim to modify other skills or global agent settings.
