Backboard.io
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its Backboard.io purpose, but its API-key-backed local server is under-declared and can run exposed to the network with persistent-data and destructive account actions.
Review before installing or running. If you use it, run the backend only on 127.0.0.1, do not expose port 5100 to your network, disable debug mode, use a limited Backboard API key if possible, and carefully review what memories and documents are stored or deleted.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can reach port 5100 on the user's network could invoke Backboard actions through the user's running backend.
The backend is started on all network interfaces, not just localhost. Because the same Flask app exposes Backboard management endpoints, this can make account-mutating actions reachable beyond the user's machine if the port is accessible.
uv run flask run --host=0.0.0.0 --port=5100
Bind the server to 127.0.0.1 by default, add local authentication or origin protections, and require explicit confirmation for destructive operations.
Users may not realize the skill needs an API key that can create, read, update, and delete Backboard resources.
The backend requires a Backboard API key even though the supplied registry metadata declares no required environment variables or primary credential. That key grants delegated access to Backboard account operations.
if [ -z "$BACKBOARD_API_KEY" ]; then
  echo "ERROR: BACKBOARD_API_KEY environment variable is not set"
  exit 1  # abort before the backend starts
fi
Declare BACKBOARD_API_KEY in metadata, document its scope clearly, and use the least-privileged Backboard credential available.
Running the backend in this mode exposes the Flask development server, together with its debugger, to other devices on the network.
If run directly (the app.run path rather than flask run), the Flask app enables debug mode while binding to all interfaces. The Werkzeug debugger behind debug=True provides an interactive Python console on error pages, so a network-reachable instance is a code-execution risk; the debugger PIN is not a substitute for binding to localhost, and the debugger is unnecessary for this skill.
app.run(host="0.0.0.0", port=5100, debug=True)
Disable debug mode in packaged runtime paths and bind to localhost unless the user deliberately configures otherwise.
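The first three findings (binding to all interfaces, an undeclared key that grants delegated account access, and debug mode in the direct-run path) share one fix: separate the startup policy from the framework and make the safe settings the defaults. The example below is added here and is not the skill's or Backboard's own code. The route name, the environment variables BACKEND_EXPOSE, BACKEND_PORT and BACKEND_LOCAL_TOKEN, and the confirm-by-repeating-the-id rule are assumptions made for this example; the Backboard SDK call is stubbed out.

```python
"""Hardened startup for a local Backboard-style Flask backend.

Added example, not the skill's or Backboard's own code. BACKEND_EXPOSE,
BACKEND_PORT, BACKEND_LOCAL_TOKEN, the /memories/delete route and the
confirm field are assumed names; the Backboard SDK call is a stub.
"""
import hmac
import os
import secrets
from urllib.parse import urlparse

DEFAULT_HOST = "127.0.0.1"
DEFAULT_PORT = 5100
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def resolve_bind(env):
    """Return (host, port, debug). Loopback is the default; 0.0.0.0 only when
    the user sets BACKEND_EXPOSE=1 (assumed name), and debug is never enabled
    for an exposed bind, so the 0.0.0.0 + debug=True combination cannot occur."""
    expose = env.get("BACKEND_EXPOSE") == "1"
    host = "0.0.0.0" if expose else DEFAULT_HOST
    debug = env.get("FLASK_DEBUG") == "1" and not expose
    return host, int(env.get("BACKEND_PORT", DEFAULT_PORT)), debug


def require_api_key(env):
    """Fail fast, before any route is registered, if the key is missing."""
    key = env.get("BACKBOARD_API_KEY")
    if not key:
        raise RuntimeError("BACKBOARD_API_KEY environment variable is not set")
    return key


def local_token(env):
    """Bearer token the local agent must present. Read from BACKEND_LOCAL_TOKEN
    (assumed name) or generated per process and printed once at startup."""
    return env.get("BACKEND_LOCAL_TOKEN") or secrets.token_urlsafe(32)


def authorized(headers, token):
    """Constant-time comparison of the presented bearer token."""
    value = headers.get("Authorization", "")
    if not value.startswith("Bearer "):
        return False
    return hmac.compare_digest(value[len("Bearer "):], token)


def origin_allowed(headers):
    """Block cross-site browser requests against the local port: accept only
    non-browser clients (no Origin header) or loopback origins."""
    origin = headers.get("Origin")
    if origin is None:
        return True
    return urlparse(origin).hostname in LOOPBACK_HOSTS


def confirmed(payload, id_field):
    """Destructive calls must repeat the target id in a 'confirm' field."""
    target = payload.get(id_field)
    return bool(target) and payload.get("confirm") == target


def create_app(env=None):
    """Build the Flask app. Flask is imported here so the policy helpers above
    stay importable (and testable) without it."""
    from flask import Flask, abort, jsonify, request

    env = os.environ if env is None else env
    api_key = require_api_key(env)  # would be handed to the Backboard SDK client
    token = local_token(env)
    app = Flask(__name__)
    app.config["LOCAL_TOKEN"] = token

    @app.before_request
    def gate():
        if not origin_allowed(request.headers) or not authorized(request.headers, token):
            abort(403)

    @app.post("/memories/delete")
    def delete_memory():
        body = request.get_json(silent=True) or {}
        if not confirmed(body, "memory_id"):
            abort(400, "confirm must repeat memory_id")
        # Stub: a real backend calls the Backboard SDK with api_key here.
        return jsonify(deleted=body["memory_id"])

    return app


if __name__ == "__main__":
    host, port, debug = resolve_bind(os.environ)
    app = create_app()
    print(f"binding {host}:{port} debug={debug}; local token: {app.config['LOCAL_TOKEN']}")
    app.run(host=host, port=port, debug=debug)
```

Run it with BACKBOARD_API_KEY set; it listens on 127.0.0.1:5100 and prints the bearer token the agent must send. The policy functions are plain Python on purpose: the bind decision, the key check, the token check, the origin check and the confirmation rule can each be unit-tested without starting Flask, and exposing the port requires an explicit BACKEND_EXPOSE=1 that also forces debug off.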
Information saved as memory may affect future conversations and may remain in Backboard until deleted.
Persistent Backboard memory is an intended feature and is disclosed, but it means user preferences, conversation-derived facts, or other content can be retained and reused later.
Store a memory for an assistant that persists across conversations.
Store only information the user intentionally wants retained, explain what is being saved, and make deletion/review easy.
A future dependency release could change behavior or introduce vulnerabilities when the backend is installed.
The backend depends on external packages with lower-bound version constraints rather than pinned versions. This is common for Python projects but leaves runtime behavior dependent on package resolution at install time.
"flask>=3.0.0", "backboard-sdk>=1.4.11", "pydantic>=2.0.0", "python-dotenv>=1.0.0"
Pin or lock dependency versions for releases (a lock file with package hashes), and verify package provenance before running the backend.
