Skill v1.0.0
ClawScan security
Pub Humanizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 6:09 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is presented as a 'Pub Humanizer' but its instructions are a generic multi-model API reference for a third‑party service (heybossai.com) that requires you to provide a single API key — the published contents and required secrets don't match the narrow purpose implied by the name.
- Guidance: This skill is suspicious mainly because its name implies a single, narrow 'humanizer' capability while the SKILL.md is a generic client for a third‑party multi-model API (heybossai.com). Before installing: (1) Confirm the provider (heybossai) is a service you trust — check privacy, data retention, and billing policies; (2) Only provide an API key with the minimum necessary privileges and consider using an account dedicated to this skill; (3) Expect that any text you send will be transmitted to that external API (avoid sending sensitive data); (4) Note that the docs assume command-line tools (jq) and a run.mjs helper that are not declared — verify your runtime has those tools or the examples may fail; (5) If you expected a standalone 'humanizer' that runs locally, this is not it — this skill delegates work to a remote service. If you want to proceed, validate the SKILLBOSS account and key scope and test with non-sensitive data first.
Review Dimensions
- Purpose & Capability (concern): The skill name/description suggests a focused 'remove AI traces / humanize text' tool, but SKILL.md is a general SkillBoss API reference exposing 50+ models (chat, image, video, TTS, STT, etc.). Requiring SKILLBOSS_API_KEY is consistent with the documentation but disproportionate for a single-purpose humanizer and may mislead users about scope and the credential they'll be handing over.
- Instruction Scope (concern): SKILL.md contains curl examples that send user data to https://api.heybossai.com and shows how to download assets; it therefore instructs transmitting content to a third party (expected for an API client). It also references helper commands/tools not declared as requirements (jq, and run.mjs/node invocations in sample files). The instructions do not confine what data is sent — any text you pass could be forwarded to that external API.
- Install Mechanism (note): There is no install spec (instruction-only), which is lower risk because nothing is installed by the skill itself. However, the docs assume command-line tooling (jq, run.mjs) that the skill metadata does not declare or install — this mismatch could cause runtime errors or entangle you with undocumented tooling.
- Credentials (note): The skill only requests one env var (SKILLBOSS_API_KEY), which is reasonable for a gateway API. But that single key appears to grant broad access to many model types and functionality (and thus to any data you send). The skill does not declare finer-grained scopes or explain the provider's data-retention / billing behavior.
- Persistence & Privilege (ok): always is false and no install or persistent system-wide changes are requested. The skill can be invoked normally by the agent; there is no elevated persistence requested.
