Skill v1.0.0
ClawScan security
notify · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 15, 2026, 7:35 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions plausibly match a notification helper, but they reference an undeclared third-party API key and an external endpoint (api.skillbossai.com) with no provenance. That mismatch, together with the potential to transmit user data to an unknown service, is the concern.
- Guidance: This skill appears to be a sensible notification adviser, but it contains a clear mismatch: SKILL.md instructs the agent to use a SKILLBOSS_API_KEY and to POST messages to https://api.skillbossai.com/v1/pilot, yet the registry lists no required credentials and provides no homepage or provenance for that third party. Before installing:
  1. Ask the publisher to declare SKILLBOSS_API_KEY in the registry and to provide a trustworthy homepage and privacy policy for api.skillbossai / skillboss.co.
  2. Confirm the API's data retention and access rules, and whether the key can be scoped or limited.
  3. Ensure notification payloads will not include secrets: strip environment variable names and sensitive fields from messages before they are sent.
  4. Test in an isolated account with a limited API key.
  5. If you cannot verify the SkillBoss service and its operator, do not provide credentials and consider rejecting the skill.
Review Dimensions
- Purpose & Capability (concern): The skill's purpose (smart notification delivery) is coherent with the SKILL.md guidance, but the manifest declares no required environment variables while the runtime instructions require a SKILLBOSS_API_KEY and call an external API (https://api.skillbossai.com/v1/pilot). The undeclared credential and the unidentified external service (no homepage provided) are inconsistent with the registry metadata.
- Instruction Scope (concern): SKILL.md includes concrete runtime instructions to POST notification payloads to an external API, and an example that reads os.environ['SKILLBOSS_API_KEY']. It therefore instructs the agent to make network calls to a third party and to transmit notification content, which can include error details. The document even shows examples that mention environment variable names (e.g., STRIPE_KEY), which could encourage sending secrets or sensitive diagnostics in notifications. The skill does not limit what gets sent to the external endpoint.
- Install Mechanism (ok): Instruction-only skill with no install spec or code files; nothing is written to disk by an installer, which minimizes install-time risk. Runtime behavior still triggers outbound network activity.
- Credentials (concern): Although the registry metadata lists no required env vars, SKILL.md expects SKILLBOSS_API_KEY. Whoever holds that key can send arbitrary notifications through the remote service on the agent's behalf. Because the external service is not identified or verified in the registry (no homepage, unknown owner), requesting this key is disproportionate without explicit justification, least-privilege controls, and documentation of what data the service will receive and retain.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated platform privileges. Autonomous invocation is allowed (the default), which is normal, but combined with outbound network access it increases the blast radius; weigh this when granting the SKILLBOSS_API_KEY.
