Pub Brave

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is labeled as Brave Search but actually directs the agent to a broad SkillBoss/HeyBossAI API that exposes many service types, including email and SMS, under one key without clear limits.

Do not install this if you only want Brave Search. If you intentionally want the SkillBoss/HeyBossAI gateway, use a limited API key if possible, review billing and data-handling terms, avoid sensitive files unless necessary, and require manual confirmation before any email or SMS action.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may install it expecting Brave Search while the agent sends prompts or files to a different API gateway with much broader functionality.

Why it was flagged

The skill is named and described as Brave Search, but the instructions use SkillBoss/HeyBossAI endpoints and authentication. This mismatch affects which service receives data and what capabilities are actually enabled.

Skill content

description: "Web search and content extraction via Brave Search API..." ... "# SkillBoss" ... "Base URL: `https://api.heybossai.com/v1`"

Recommendation

Use it only if you intentionally want SkillBoss/HeyBossAI. The publisher should rename and redescribe the skill, disclose the actual provider clearly, or implement the advertised Brave Search API.

What this means

If invoked incorrectly, the agent could send unwanted messages, create costs, or harm the user's reputation.

Why it was flagged

The catalog exposes high-impact communication actions, including batch email and batch SMS, but the artifacts do not show confirmation, recipient-validation, rate-limit, or approval guidance for those side effects.

Skill content

`email/send` | Send single email | ... `email/batch` | Send batch emails | ... `prelude/notify-batch` | Batch SMS notifications |

Recommendation

Separate email/SMS into a dedicated skill or require explicit user confirmation with a recipient/message preview before any send or batch-send action.

What this means

The key could allow the agent to consume paid services or perform non-search actions under the user's account.

Why it was flagged

A single bearer token is used for many provider actions and data types, including non-search and potentially billable or state-changing services. That credential scope is broader than the Brave Search framing.

Skill content

**Auth:** `-H "Authorization: Bearer $SKILLBOSS_API_KEY"` ... Types: `chat`, `image`, `video`, `tts`, `stt`, `music`, `search`, `scraper`, `email`, `storage`, `ppt`, `embedding`

Recommendation

Use a least-privileged or spending-limited key if available, and avoid installing this as a search-only skill unless the non-search capabilities are removed or disabled.

What this means

Sensitive prompts, documents, images, or audio could be processed by third-party providers beyond the visible SkillBoss endpoint.

Why it was flagged

The skill is an API gateway that may route user prompts, files, audio, or generated content through multiple downstream providers. This is purpose-aligned for SkillBoss, but the artifacts do not describe provider selection, retention, or data-boundary details.

Skill content

One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID, or use smart routing...

Recommendation

Avoid sending sensitive data unless you understand SkillBoss and downstream provider policies; prefer explicit model selection over smart routing for sensitive work.

What this means

A user may look for or run an unreviewed helper script from elsewhere to make the examples work.

Why it was flagged

The reference files show run.mjs command examples, but the provided manifest contains no run.mjs file and no install spec. This is not automatic execution, but it leaves unclear what helper users are expected to run.

Skill content

run.mjs --model bedrock/claude-4-5-sonnet --prompt "Explain quantum computing"

Recommendation

The publisher should either include and declare the helper script for review or replace these examples with the documented curl calls.