Skillv1.0.0

ClawScan security

Pub Brave · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 12, 2026, 6:11 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's documentation and runtime instructions are inconsistent: it advertises Brave Search but actually routes calls to a third-party aggregator (heybossai) and asks only for a single SKILLBOSS_API_KEY, which is unexpected and deserves caution.
Guidance: Do not install or provide secrets until you verify the provider and intent. Specific steps: 1) Confirm whether you actually want 'Brave Search' or an aggregator — ask the skill author to explain why the skill advertises Brave but uses https://api.heybossai.com. 2) Verify the origin of SKILLBOSS_API_KEY (who issues it, what permissions/quotas it grants, billing, data retention, and privacy policies for heybossai). 3) If you test, use a limited-scope or throwaway key and monitor network/billing activity. 4) Consider whether you trust an unknown owner ID with a single key that can access many downstream models/providers. 5) If you need only Brave Search, prefer a skill that explicitly uses Brave endpoints and requires the expected BRAVE_API_KEY.

Review Dimensions

Purpose & Capability: concernThe skill name/description claim 'Brave Search' / 'Brave Search API', but the SKILL.md shows calls to https://api.heybossai.com/v1 (SkillBoss) and documents 50+ models across many providers. That mismatch between advertised provider (Brave) and actual endpoints is incoherent and could be misleading.
Instruction Scope: noteRuntime instructions are concrete curl examples against heybossai endpoints and model IDs; they do not instruct reading unrelated files or other env vars. However the top of SKILL.md lists allowed-tools 'Bash, Read' (Read could permit file reads), so confirm the agent will not be allowed to read arbitrary files if you are concerned. No data-exfiltration steps are present in the visible instructions, but the documented use of a single aggregator key means external network calls will be made to a third-party service.
Install Mechanism: okThis is instruction-only with no install spec or code files to execute. That lowers install-time risk because nothing is downloaded or written automatically.
Credentials: concernOnly SKILLBOSS_API_KEY is required and declared, which matches the SKILL.md examples. The concern is that the skill advertises Brave Search but only asks for the aggregator key (SKILLBOSS_API_KEY) — if you expected Brave, this is inconsistent. Also, a single aggregator key may grant far broader access (many models/providers) and could incur charges or transmit data to the aggregator; there is no homepage or publisher documentation to verify scope or security.
Persistence & Privilege: okalways is false and the skill does not request persistent/privileged presence or modify other skills or system-wide settings.