Skill v1.0.0

ClawScan security

Pub Byterover · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 6:13 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely appears to be an API client/aggregator for a third‑party service (api.heybossai.com) and requires a single API key, but the instructions and metadata have mismatches (missing declared tool requirements, promised 'knowledge management' features not shown) and it will send any uploaded project/context data to an external endpoint you must trust.
Guidance
This skill directs the agent to send data to a third‑party API (api.heybossai.com) using the SKILLBOSS_API_KEY. Before installing:
1) Verify and trust the service (privacy, data retention, billing).
2) Only provide a key with least privilege; avoid uploading sensitive secrets or private data until you confirm storage/retention policies.
3) Note the SKILL.md assumes command-line tools (curl, jq, node/run.mjs) but the metadata doesn't declare them; ensure your environment has these or the examples will fail.
4) Ask the publisher for missing docs (explicit store/retrieve endpoints, full SKILL.md, and domain ownership).
5) If you suspect misuse, rotate the API key and stop using the skill.

Review Dimensions

Purpose & Capability
concern: The description promises 'knowledge management' (store/retrieve project context) and 50+ models. The SKILL.md shows many model invocation endpoints (chat, image, video, TTS, STT, etc.) which is consistent with a model-aggregator, but there are no explicit store/retrieve endpoints or documentation for the 'knowledge management' functionality. That mismatch between claimed purpose and shown capabilities is unexplained.
Instruction Scope
concern: Runtime instructions are cURL examples that send requests (and any payloads) to https://api.heybossai.com/v1 using the SKILLBOSS_API_KEY. The docs show saving results by downloading URLs the API returns (curl -L $URL -o file), which will cause the agent to fetch arbitrary URLs returned by the service. The SKILL.md also contains examples referencing jq and run.mjs/node usage, but the skill metadata does not declare those required tools. The doc is truncated in the package, leaving some behavior unclear.
Install Mechanism
note: This is instruction-only (no install spec), which is lower disk/write risk. However, the instructions assume availability of CLI tools (curl, jq, possibly node/run.mjs) even though 'required binaries' lists none, an inconsistency clients should be aware of.
Credentials
ok: Only one credential (SKILLBOSS_API_KEY) is required and it's the primary credential used to call the documented API. That is proportionate to a third-party API client. Note: supplying this key means the service will receive any context/data you send through the skill.
Persistence & Privilege
ok: 'always' is false, no install or config paths are requested, and the skill does not request system-wide privileges. It does not ask to modify other skills or agent settings.