v1.0.3

Sendbl

Benign

ClawScan verdict for this skill. Analyzed Apr 30, 2026, 12:48 PM.

Analysis

Sendbl appears to be a legitimate instruction-only file-link skill, but it uses a sensitive API key and can create, expose, or delete file-exchange links if misused.

Guidance

Install this only if you are comfortable giving the assistant access to a Sendbl personal access token. Verify recipients, filenames, upload/download links, and owner tokens before sharing or deleting anything, and revoke or rotate tokens if they are exposed.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Note
SKILL.md
curl -sS -X DELETE "https://api.sendbl.com/v1/uploadLink?token=<owner_token>"

The skill exposes API operations through curl, including an irreversible delete operation. This is aligned with the stated file-link management purpose and the skill says to confirm first, but it can affect external user data.

User impact: If invoked on the wrong token or link, the assistant could delete the wrong Sendbl link and its uploaded files.
Recommendation: Confirm the exact link, owner token, and intended action before any delete or other high-impact API call.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: Medium, Status: Note
_meta.json
"version": "1.0.2"

The supplied registry metadata says version 1.0.3 while the bundled _meta.json says 1.0.2, and the source is listed as unknown. There are no code files or install scripts, but the provenance/version mismatch is worth noticing.

User impact: The package contents may not be perfectly aligned with the registry metadata, making provenance slightly less clear.
Recommendation: Verify the skill source or package version before trusting it with a Sendbl API key.

Unexpected Code Execution
Severity: Medium, Confidence: High, Status: Note
SKILL.md
curl -X PUT --data-binary @<local-file> "<presigned_upload_url>"

The skill instructs use of shell commands to upload a local file to a presigned URL. This is expected for the file-transfer purpose, but users should ensure the file path and destination are correct.

User impact: A mistaken file path or URL could upload the wrong local file to an external storage destination.
Recommendation: Only run or approve the PUT command after checking the local filename and confirming the recipient/destination.

Cascading Failures
Severity: Medium, Confidence: High, Status: Note
SKILL.md
Removes the link and all uploaded files... Confirm with the user before calling — this is irreversible.

A single mistaken delete action can remove a link and all associated uploaded files. The skill appropriately calls for user confirmation, but the action is irreversible.

User impact: Deleting the wrong Sendbl link could permanently remove access to uploaded files.
Recommendation: Before deletion, verify the owner token, link identity, and that the user understands the files will be removed.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Note
SKILL.md
create a personal access token... Treat this token as a password... export SENDBL_API_KEY="sk_pat_..."

The skill requires a Sendbl personal access token stored as an environment variable. This is clearly disclosed and necessary for the API, but it is still account-level sensitive authority.

User impact: Anyone who obtains the API key may be able to use the user's Sendbl API access.
Recommendation: Store the key only in the intended environment, rotate it periodically, and revoke it immediately if it is exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium, Confidence: Medium, Status: Note
SKILL.md
owner_token (keep — required for delete and list-files)... Always remind the user to save owner_token and upload_link_id

The skill handles owner tokens and file-access links that may appear in the conversation context. These are expected for Sendbl operations, but they are sensitive capability values.

User impact: If owner tokens or download/upload links are exposed in shared chats, logs, or notes, someone else may access or manage the link.
Recommendation: Keep owner tokens and file links private, and avoid storing them in shared or persistent assistant memory unless intentionally needed.