Skill v1.0.0

ClawScan security

Pub Pdf · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 8:21 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's name promises a PDF-focused toolkit, but the runtime instructions are a generic third‑party model/API proxy (heybossai.com) that routes many model types — this mismatch and reliance on an unknown external service warrants caution.
Guidance
This skill's name and description promise PDF utilities, but the instructions point to a generic third‑party model API (api.heybossai.com) that can run many model types and would see any data you send. Before installing: verify the vendor (heybossai.com), read its privacy/TOS and where data is routed, and consider the risk of uploading sensitive documents. Use a disposable or scoped API key, test only with non-sensitive sample files, and confirm billing/costs. If you only need offline or local PDF processing, prefer a dedicated local tool or a well-known vendor rather than an unknown model-proxy service.

Review Dimensions

Purpose & Capability
concern
Name/description advertise a PDF manipulation toolkit, but the SKILL.md contains generic SkillBoss API documentation exposing 50+ model types (chat, image, video, TTS, STT, etc.). The declared requirements (a single SKILLBOSS_API_KEY) and instructions do not match a narrowly scoped PDF tool; the skill appears to be a general model proxy rather than a focused PDF manipulator.
Instruction Scope
concern
Runtime instructions tell the agent to call https://api.heybossai.com/v1 with curl and to route arbitrary model runs (including uploading/embedding file contents as base64 in examples). That means user documents or audio could be sent to an external, unspecified provider. The instructions give broad discretion to call many model endpoints rather than providing narrowly scoped PDF operations or explicit file-handling safeguards.
Install Mechanism
ok
No install spec and no code files beyond documentation; the skill is instruction-only and does not write artifacts to disk during install. This lowers local install risk.
Credentials
concern
Only SKILLBOSS_API_KEY is required (which is coherent for a single proxy API), but that one key grants broad access to many model providers via the SkillBoss service. The skill has an unknown source/homepage and will expose data to a third party; requiring a single API key for a multi-provider proxy is potentially disproportionate for a PDF-focused capability.
Persistence & Privilege
ok
always:false (default), and there are no required config paths or claims to modify other skills or system settings. The skill does not request persistent elevated privileges.