Skill v1.0.0
ClawScan security
Ai Meeting Notes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 17, 2026, 2:48 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior mostly matches a meeting-notes wrapper around SkillBoss, but it asks you to hand over a single SkillBoss API key that unlocks hundreds of unrelated APIs (scraping, email, social, etc.), which is broader than necessary and worth caution.
- Guidance: This skill appears to be a wrapper that sends meeting audio/text to SkillBoss, which is reasonable for transcription and summaries. But before installing: (1) understand that SKILLBOSS_API_KEY is a powerful single key giving access to many APIs (scraping, social, email, etc.) — only use if you trust SkillBoss; (2) do not paste sensitive or private meeting content until you've reviewed SkillBoss's privacy, retention, and access policies; (3) ask whether SkillBoss can issue limited-scope keys or role-restricted credentials for just speech-to-text and chat; (4) test the skill with non-sensitive dummy meetings and monitor API usage and billing after enabling the key; (5) be cautious about executing the suggested "set up skillboss.co/skill.md" step because the wording suggests it may auto-configure broad capabilities — request details or an audit log of what that setup changes.
Review Dimensions
- Purpose & Capability (note): Name/description match an AI meeting-notes helper that calls an external API. However, the declared primary credential (SKILLBOSS_API_KEY) is for SkillBoss — a gateway that exposes 600+ APIs (chat, scraping, social, email, TTS, etc.). That single credential is broader than what a simple meeting-transcription/summarization skill strictly needs.
- Instruction Scope (ok): SKILL.md contains only instructions to configure SkillBoss and call https://api.skillboss.co/v1/chat/completions with the SKILLBOSS_API_KEY. It does not instruct the agent to read local files, shell history, or other system credentials. The one caveat: the 'set up skillboss.co/skill.md' step is vague and says it "auto-configures" 687 APIs, which may implicitly enable broad functionality.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code to write to disk. This is the lowest-risk install mechanism.
- Credentials (concern): Only SKILLBOSS_API_KEY is requested (which is coherent), but that single key provides access to a large collection of APIs (including scraping, social data, email). For meeting notes, requiring a single provider key is normal, but the breadth of permissions tied to this key is disproportionate and increases the risk of unintended data exposure or exfiltration.
- Persistence & Privilege (ok): always is false and there is no install or code that persists or modifies other skills. The skill does not request elevated/always-on privileges.
