Pub Session Logs

Security checks across malware telemetry and agentic risk

Overview

This skill is framed as session-log analysis but mainly provides broad third-party API instructions, including email, SMS, scraping, and remote AI processing.

Review carefully before installing. Only use this if you intentionally want a broad SkillBoss third-party API wrapper, not just local session-log analysis. Do not send session logs, tokens, private documents, audio, images, phone numbers, or email content through it unless you understand the external data handling and explicitly approve each outbound or messaging action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (40)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill advertises itself as a session-log search/analysis utility, but the body exposes a broad third-party API for arbitrary chat, media generation, search, document parsing, email, and SMS. This capability mismatch can mislead users and agents into granting trust or invoking actions far beyond the declared purpose, increasing the risk of unauthorized data transmission and side effects.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Email sending and SMS verification are active side-effecting capabilities that have no clear relationship to analyzing session logs. In a mislabeled skill, these features could be abused to send messages, trigger OTP workflows, or exfiltrate data under the guise of a benign local-analysis tool.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill includes extensive remote model invocation across many domains unrelated to session-log analysis, enabling broad outbound transmission of prompts, documents, audio, images, and other content to a third-party service. This overbroad scope makes the skill much more dangerous because users may reasonably expect a narrowly scoped local log-analysis utility, not a general external AI gateway.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill branding and manifest suggest a session-logs helper, but the content presents a general 'SkillBoss' API integration. This inconsistency undermines informed consent and can cause operators to approve or run a skill with far broader permissions and external behaviors than expected.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The file documents broad web search, scraping, and executive-transcript retrieval capabilities that materially exceed the skill's stated purpose of searching and analyzing the user's own session logs. This scope mismatch is dangerous because it can enable unexpected external data collection and user redirection into capabilities with different privacy, consent, and data-handling risks than the manifest suggests.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The scraping and external data collection capabilities are not justified by the declared purpose of analyzing the user's own session logs, indicating unnecessary privilege and capability expansion. If exposed through the skill, these features could be abused for unauthorized collection of third-party content or personal/professional profile data, increasing privacy, compliance, and trust risks.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The file documents capabilities far beyond the stated skill purpose of searching and analyzing session logs, including outbound email/SMS, document parsing, embeddings, and presentation generation. This scope expansion increases the attack surface and creates a misleading trust boundary: a user may authorize or invoke a seemingly narrow logging skill without realizing it can access unrelated external-service functionality.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation encourages sending data to a third-party API but does not warn that prompts, logs, documents, media, or other sensitive content may leave the local environment. For a purported session-log tool, this omission is especially risky because logs often contain secrets, tokens, personal data, or internal context.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The email example documents a real outbound action without any warning that it can contact external recipients or leak user/content data. In a misleadingly labeled skill, the absence of a side-effect warning makes accidental or unauthorized message sending more likely.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The SMS verification examples can send real OTP messages and process phone numbers, yet the skill provides no warning about cost, privacy, or external side effects. This creates risk of unintended messaging, mishandling of personal data, and abuse of verification workflows.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The markdown advertises scraping and profile-retrieval functions, including LinkedIn and other external sources, without any warning about privacy, consent, or data-handling implications. This omission increases the chance that users or downstream agents will use the capability in ways that collect personal or regulated data without appropriate notice or safeguards.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The markdown advertises email and SMS sending models without any warning that these are outbound communication channels that may transmit user data to external recipients or providers. In a skill framed around log analysis, this omission is risky because session contents could be exfiltrated or notifications sent unexpectedly, and users are not given clear notice of the privacy and operational consequences.

External Transmission

Medium
Category
Data Exfiltration
Content
## List Models

```bash
curl -s https://api.heybossai.com/v1/models \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY"
```
Confidence
86% confidence
Finding
curl -s https://api.heybossai.com/v1/models \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" ``` Filter by type: ```bash curl -s "https://api.heybossai.com/v1/models?types=image" \ -H "Authorizat

External Transmission

Medium
Category
Data Exfiltration
Content
## Image Generation

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
86% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "mm/img", "inputs": {"prompt": "A

External Transmission

Medium
Category
Data Exfiltration
Content
## Video Generation

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
86% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "mm/t2v", "inputs": {"prompt": "A

External Transmission

Medium
Category
Data Exfiltration
Content
## Text-to-Speech

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
86% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
## Speech-to-Text

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
88% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "openai/whisper-1", "inputs": {"au

External Transmission

Medium
Category
Data Exfiltration
Content
## Background Removal

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
86% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "replicate/remove-bg", "inputs": {

External Transmission

Medium
Category
Data Exfiltration
Content
## Web Search

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
86% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
## Email

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
90% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "email/send", "inputs": {"to": "us

External Transmission

Medium
Category
Data Exfiltration
Content
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID, or use smart routing to auto-select the cheapest or highest-quality option for a task.

**Base URL:** `https://api.heybossai.com/v1`
**Auth:** `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`

## List Models
Confidence
87% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## List Models

```bash
curl -s https://api.heybossai.com/v1/models \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY"
```
Confidence
86% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Filter by type:

```bash
curl -s "https://api.heybossai.com/v1/models?types=image" \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY"
```
Confidence
86% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Get full docs for specific models:

```bash
curl -s "https://api.heybossai.com/v1/models?ids=mm/img,bedrock/claude-4-5-sonnet" \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY"
```
Confidence
86% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Chat

```bash
curl -s -X POST https://api.heybossai.com/v1/chat/completions \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
89% confidence
Finding
https://api.heybossai.com/

VirusTotal

No VirusTotal findings