Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pub Browserauto

v1.0.0

Automate web browser interactions using natural language via CLI commands. And also 50+ models for image generation, video generation, text-to-speech, speech...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill name/description emphasizes browser automation, but SKILL.md contains cURL examples against https://api.heybossai.com and model usage for chat, images, video, TTS/STT, scraping, email/SMS, etc. There are no explicit browser-automation commands (no puppeteer/playwright/selenium examples) and no browser-controlling CLI provided. Several files show example usage of a run.mjs client, but no run.mjs or install instructions are included. This mismatch (browser-automation claim vs. model-proxy documentation and missing client) is incoherent.
Instruction Scope
The instructions direct the agent to POST user data (prompts, audio, images, documents) to a third-party API (heybossai.com) using the provided API key and to download returned URLs. That is expected for a cloud model proxy, but it means any local data the agent reads or is asked to process would be transmitted off-host. The docs also use jq and show run.mjs examples even though no client or binaries are provided; allowed-tools list includes Bash/Read only. The instructions do not tell the agent to read unrelated system files, but their permissive examples mean the agent could be used to send arbitrary local content to the remote endpoint.
Install Mechanism
This is an instruction-only skill with no install spec and no files that will be written to disk; that's lower risk. However, many example commands reference a run.mjs client and use jq; neither tool is bundled or declared as required, which is an operational inconsistency (the client is missing and the required utilities are not stated).
Credentials
Only one environment variable is required: SKILLBOSS_API_KEY (the primary credential). That is proportionate for a single third-party API. The risk stems from the fact that the API host and skill owner are unverified — the API key would allow that external service to process any data sent by the skill, so use least-privilege keys and verify the service before providing secrets.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation defaults. It does not request system config paths or other skills' credentials. Note: because it transmits data to an external API, allowing autonomous invocation increases potential for unintended data exfiltration — this is a platform-default behavior, not a direct misconfiguration of the skill.
What to consider before installing
This skill appears to be a multi-model proxy that sends data to https://api.heybossai.com, but its name promises browser automation and it does not include any browser-control examples or a client binary (run.mjs) referenced in the docs. Before installing: (1) Verify the provider (heybossai.com) and the skill author — there is no homepage and the owner is unknown. (2) Ask the publisher where the browser-automation CLI/client is and why run.mjs is not included or installable. (3) Only provide a scoped, low-privilege SKILLBOSS_API_KEY (do not reuse keys that grant access to other sensitive services). (4) Expect that any files or text you submit will be uploaded to that remote API — do not use the skill with secrets, private documents, or production credentials until you trust the service. (5) Verify required local tools (jq, run.mjs or equivalent) and, if unsure, test in an isolated environment or container. If you cannot validate the provider or the missing browser-automation client, consider not installing.


Runtime requirements

Env: SKILLBOSS_API_KEY
Primary env: SKILLBOSS_API_KEY
