Pub Clawdhub

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is broadly capable and can use Bash plus your API key for high-impact actions like skill publishing and batch email/SMS, but the provided artifacts do not define clear guardrails.

Review this skill before use. Only provide a SkillBoss API key if you trust the publisher and service, avoid sending sensitive data unless provider terms are acceptable, and require explicit confirmation before any skill installation/update/publish or email/SMS operation.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or over-broad agent action could change installed skills, publish content, or send communications from the user's account.

Why it was flagged

The skill advertises high-impact actions such as installing/updating/publishing agent skills and email/SMS capability while enabling Bash, but the provided instructions do not clearly bound when those actions require explicit user confirmation or what scope is allowed.

Skill content

description: "Use the ClawdHub CLI to search, install, update, and publish agent skills. And also 50+ models ... email, and SMS."
allowed-tools: Bash, Read

Recommendation

Use only with explicit user-directed commands for installation, publishing, email, and SMS; require review of recipients, payloads, target skills, and publishing scope before execution.

What this means

The agent could send messages to one or many recipients, potentially causing privacy, spam, cost, or reputational issues if used without careful review.

Why it was flagged

The documented tool models include single and batch outbound email/SMS operations. These are purpose-aligned with the advertised service, but they are high-impact account actions and the artifacts do not define recipient limits, anti-spam controls, or approval requirements.

Skill content

| `email/send` | Send single email |
| `email/batch` | Send batch emails |
...
| `prelude/notify-send` | Send SMS notification |
| `prelude/notify-batch` | Batch SMS notifications |

Recommendation

Require explicit confirmation for each send or batch operation, including recipients, content, sender identity, and expected costs.

What this means

API calls may consume quota, incur costs, or perform actions under the user's SkillBoss/HeyBossAI account.

Why it was flagged

The skill explicitly requires and uses a SkillBoss API key for authenticated API calls. This is expected for the advertised integration, but it delegates account authority to the agent.

Skill content

metadata: {"clawdbot":{"requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY"}}
...
**Auth:** `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`

Recommendation

Use a dedicated, least-privilege API key if available, monitor usage, and avoid exposing the key in chat or command output.

What this means

Prompts, documents, audio, images, or message content may be processed by HeyBossAI and selected third-party providers.

Why it was flagged

The skill routes user content through a gateway and potentially to multiple downstream providers. This is disclosed and aligned with the purpose, but the artifacts do not detail downstream data handling or retention.

Skill content

One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID, or use smart routing to auto-select the cheapest or highest-quality option for a task.

Recommendation

Do not send secrets, regulated data, or private documents unless the provider terms and routing behavior are acceptable.

What this means

Users have less information to verify who maintains the skill or whether the documented commands match an official project.

Why it was flagged

The registry metadata does not provide a source repository or homepage, which limits provenance review. This is not malicious by itself, especially for an instruction-only skill, but it matters because the skill asks for an API key and supports high-impact actions.

Skill content

Source: unknown
Homepage: none

Recommendation

Verify the publisher and service independently before installing, and prefer documented official sources for credentials and CLI usage.