Back to skill
Skillv1.0.0
ClawScan security
ai-podcast-generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 24, 2026, 6:34 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requested credential (one SkillBoss API key) matches its stated purpose as an API aggregator for TTS/models, but the runtime instructions direct the agent to 'auto-configure' hundreds of APIs via SkillBoss and give that single key broad, opaque access — this is coherent but high-risk and worth caution.
- Guidance
- This skill is coherent with its stated purpose (an aggregator-based podcast/TTS generator) but relies on a single SkillBoss API key that unlocks hundreds of downstream APIs. Before installing: (1) Confirm SkillBoss's reputation and terms of service; (2) Understand what the SKILLBOSS_API_KEY can access — ask whether keys can be scoped to only TTS/models; (3) Avoid running the suggested 'auto-setup' until you can inspect what it fetches; (4) Use a dedicated, limited-permission API key and monitor usage/billing; (5) Do not send sensitive or private data through the skill until you verify data handling and retention policies. If you need higher assurance, prefer directly integrating a TTS provider you trust rather than a broad aggregator.
Review Dimensions
- Purpose & Capability
- okThe skill is an AI podcast generator that calls a multi-model aggregator. Requesting a single SKILLBOSS_API_KEY is consistent with the stated purpose of using SkillBoss to route TTS/model calls.
- Instruction Scope
- concernThe SKILL.md tells the agent to run 'set up skillboss.co/skill.md' which it claims will 'auto-configure SkillBoss with 687 APIs' (chat, scraping, social data, email, etc.). That instruction is vague and grants the aggregator broad, multi-service access and the ability to invoke many APIs; it also implicitly encourages the agent to fetch and apply remote configuration. The instructions do not require or show any least-privilege constraints or limits on what the API key can access.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. Nothing is written to disk by the skill package itself, which reduces immediate supply-chain risk.
- Credentials
- noteOnly one env var (SKILLBOSS_API_KEY) is requested, which is proportionate for an API gateway. However, that single key appears to be a high-privilege credential that provides access to many downstream services (TTS, scraping, social, email). The manifest doesn't describe scoping or limits for that key, so the practical privilege may be excessive for simple TTS generation.
- Persistence & Privilege
- okalways:false and no install means the skill does not demand permanent system presence or Sandbox-bypassing privileges. Normal autonomous invocation is allowed by default but not otherwise escalated by this skill.