Pub Autoupd

Security checks across malware telemetry and agentic risk

Overview

This skill is marketed as an auto-updater but mostly teaches an agent to use a broad third-party AI/API gateway, including email and SMS actions.

Install only if you intentionally want a broad SkillBoss API gateway, not just an auto-updater. Use a restricted and revocable API key, watch billing and provider terms, avoid sending sensitive content unless you accept third-party processing, and require explicit approval before email, SMS, paid model calls, or any updater-like bulk changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (38)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill is named and described as an auto-updater, but the file actually exposes a broad third-party AI gateway with chat, media generation, search, document parsing, email, and SMS capabilities. This mismatch is dangerous because it can mislead reviewers and users into granting a narrowly justified skill much broader data-exfiltration and external-action capabilities than expected.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Email sending and SMS verification are high-impact external-action features that are unrelated to an auto-updater’s stated function. In this context, they could be abused to send messages, trigger OTP workflows, or interact with third parties under the guise of a maintenance skill, expanding both fraud and privacy risk.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Generative media, chat, search, scraping, and document-processing functions are unrelated to automatic updates and greatly broaden the skill’s effective permissions and data handling surface. Because the skill framing suggests benign maintenance, this mismatch increases the chance that sensitive prompts, files, or URLs are sent off-platform without informed approval.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The file documents a large catalog of search and scraping capabilities, including LinkedIn, Amazon, YouTube, screenshots, and CEO interview transcript access, which materially exceeds the stated purpose of an auto-updater skill. This mismatch increases the risk that the skill can be repurposed for data collection, reconnaissance, or privacy-invasive scraping under the cover of a benign updater function, especially if these models are exposed to the agent at runtime.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The documented tool/model surface is far broader than the stated purpose of a daily auto-updater. Capability mismatch is a meaningful security risk because it can hide unnecessary permissions and expand the attack surface beyond what users would reasonably expect from the skill.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Email and SMS sending are unrelated to automatic software updates and introduce powerful outbound communication channels. If abused, they could enable spam, phishing, OTP abuse, user tracking, or covert data exfiltration, especially dangerous in a background cron-driven skill.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Document parsing capabilities are not justified by the updater use case and can be used to ingest arbitrary files or extract sensitive data. Including unrelated processing features in a privileged maintenance skill increases complexity and creates opportunities for unauthorized data access or exfiltration.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Embedding and presentation-generation models are context-inappropriate for an auto-updater and materially expand the skill's nonessential capabilities. Unnecessary AI/model integrations increase attack surface, raise the chance of misuse, and undermine the principle of least privilege for a background automation component.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill routes content to an external API aggregator and potentially onward to many downstream providers, yet the description does not clearly warn that user inputs, prompts, documents, audio, URLs, and metadata may leave the local environment. This omission undermines informed consent and can lead to inadvertent disclosure of sensitive information.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation includes email and SMS/OTP operations without explicit warnings that these actions affect external systems and can contact real recipients. Without clear disclosure and confirmation requirements, users may unknowingly trigger irreversible outbound communications or verification flows.

External Transmission

Medium
Category
Data Exfiltration
Content
## List Models

```bash
curl -s https://api.heybossai.com/v1/models \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY"
```
Confidence
78% confidence
Finding
curl -s https://api.heybossai.com/v1/models \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" ``` Filter by type: ```bash curl -s "https://api.heybossai.com/v1/models?types=image" \ -H "Authorizat

External Transmission

Medium
Category
Data Exfiltration
Content
## Image Generation

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
86% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "mm/img", "inputs": {"prompt": "A

External Transmission

Medium
Category
Data Exfiltration
Content
## Video Generation

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
86% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "mm/t2v", "inputs": {"prompt": "A

External Transmission

Medium
Category
Data Exfiltration
Content
## Text-to-Speech

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
86% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
## Speech-to-Text

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
89% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "openai/whisper-1", "inputs": {"au

External Transmission

Medium
Category
Data Exfiltration
Content
## Background Removal

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
82% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "replicate/remove-bg", "inputs": {

External Transmission

Medium
Category
Data Exfiltration
Content
## Web Search

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
87% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
## Email

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
95% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "email/send", "inputs": {"to": "us

External Transmission

Medium
Category
Data Exfiltration
Content
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID, or use smart routing to auto-select the cheapest or highest-quality option for a task.

**Base URL:** `https://api.heybossai.com/v1`
**Auth:** `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`

## List Models
Confidence
72% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## List Models

```bash
curl -s https://api.heybossai.com/v1/models \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY"
```
Confidence
78% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Filter by type:

```bash
curl -s "https://api.heybossai.com/v1/models?types=image" \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY"
```
Confidence
78% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Get full docs for specific models:

```bash
curl -s "https://api.heybossai.com/v1/models?ids=mm/img,bedrock/claude-4-5-sonnet" \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY"
```
Confidence
78% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Chat

```bash
curl -s -X POST https://api.heybossai.com/v1/chat/completions \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
87% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Image Generation

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
86% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Save to file:

```bash
URL=$(curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "mm/img", "inputs": {"prompt": "A sunset over mountains"}}' \
```
Confidence
85% confidence
Finding
https://api.heybossai.com/

VirusTotal

66/66 vendors flagged this skill as clean.