Pub Byterover
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill exposes a broad external AI/API gateway with storage, email, SMS, and document-processing capabilities, but its sensitive actions are not clearly scoped or approval-gated.
Review carefully before installing. Only use this if you trust the SkillBoss/HeyBoss API with the prompts, files, audio, images, and project context you may send to it. Use a restricted or budget-limited API key where possible, require explicit approval before email/SMS or batch actions, and do not run any external run.mjs helper unless its source is verified.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could potentially send emails or SMS messages through the connected account if prompted or misdirected, which may create cost, spam, or reputational impact.
The skill exposes model IDs capable of sending email and SMS, including batch sends. Combined with the Bash/API invocation pattern, these are high-impact external actions without visible approval, recipient, rate, or user-confirmation limits.
| `email/send` | Send single email |
| `email/batch` | Send batch emails |
...
| `prelude/notify-batch` | Batch SMS notifications |
Add explicit instructions requiring user confirmation before any email, SMS, batch send, document upload, or other account-affecting action; scope allowed model IDs where possible.
Anyone or any agent process with this key may be able to consume paid services or access enabled actions under the user's SkillBoss account.
The skill clearly requires a bearer API key for SkillBoss. Credential use is expected for this integration, but users should understand that the key enables broad provider/API access.
metadata: {"clawdbot":{"requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY"}}
...
**Auth:** `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`
Use a restricted or budget-limited API key if available, rotate it if exposed, and avoid sharing it with unrelated skills or workflows.
Private project information could be stored or reused later in ways the user did not intend, especially if an agent treats stored context as authoritative across tasks.
The skill advertises persistent project-context storage and retrieval, but the provided artifacts do not define what project context may be stored, whether local files are included, how long it is retained, how it can be deleted, or how it is separated between projects.
description: "Knowledge management for AI agents. Store and retrieve project context before any work. And also 50+ models..."
Document storage scope, retention, deletion, project separation, and user-approval requirements before storing project context; avoid storing secrets or sensitive files.
Users may look for and run an unreviewed helper script outside the provided artifacts.
Companion docs show examples using a run.mjs helper, but the supplied manifest says this is an instruction-only skill with no code files. This is not proof of malicious behavior, but it is a provenance gap if a user tries to obtain or run that helper from elsewhere.
run.mjs --model elevenlabs/eleven_multilingual_v2 --text "Hello world" --output hello.mp3
Either include and review the helper script in the package, replace examples with the documented curl commands, or clearly state where a verified helper can be obtained.
