Pub Web Search

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is not obviously malicious, but it is a broad SkillBoss API gateway—not just web search—and can use one key for multi-provider models plus email/SMS batch actions without visible guardrails.

Install only if you intentionally want a broad SkillBoss API gateway, not just web search. Use a limited API key with quotas if possible, confirm before any email/SMS/batch action, avoid uploading sensitive files or audio unless you trust the routing and retention policies, and do not run any external run.mjs helper without reviewing it.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could send emails or SMS messages through the provider if prompted or if it misinterprets a task.

Why it was flagged

The skill lists outbound and bulk messaging actions as available tool models. These actions can affect third parties, reputation, and billing, and the provided artifacts do not show confirmation, recipient, quota, or rate-limit controls.

Skill content

`email/send` | Send single email ... `email/batch` | Send batch emails ... `prelude/notify-batch` | Batch SMS notifications

Recommendation

Require explicit user confirmation and narrowly scoped recipient/content limits before invoking any email, SMS, or batch-send model.

What this means

Misuse of this key could incur costs, expose user prompts or files to providers, or trigger actions beyond web search.

Why it was flagged

The required credential delegates broad access across many providers and model types, rather than a narrowly scoped web-search-only capability.

Skill content

One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID ... Auth: `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`

Recommendation

Use a least-privilege key if available, set billing/quota limits, and install only if you trust SkillBoss to broker all listed provider calls.

What this means

Sensitive prompts, documents, audio, or images may be processed by whichever provider the service selects.

Why it was flagged

Smart routing can send user prompts or uploaded content to different downstream providers. This is disclosed and purpose-aligned, but the exact destination may vary.

Skill content

use smart routing to auto-select the cheapest or highest-quality option for a task

Recommendation

Avoid sending sensitive data unless you understand the provider routing and retention policies; choose an explicit model/provider when needed.

What this means

A malicious web page could try to influence the agent’s behavior if the agent treats fetched content as instructions.

Why it was flagged

The skill can retrieve and process arbitrary web pages, whose contents may include prompt-injection text. This is expected for a search/scraping skill but should be treated as untrusted data.

Skill content

`linkup/fetch` | URL-to-markdown fetcher ... `firecrawl/scrape` | Single page scraping ... `firecrawl/extract` | AI structured extraction

Recommendation

Treat search and scraped page contents as untrusted evidence, not as instructions to the agent.

What this means

If a user obtains and runs a separate run.mjs script, that code would not have been reviewed as part of this skill.

Why it was flagged

Auxiliary documentation references a run.mjs helper, but no such script is included in the provided manifest or install spec. This is not malicious by itself, but its provenance is outside this review.

Skill content

`run.mjs --model openai/whisper-1 --file recording.m4a`

Recommendation

Use the documented curl commands or review any external helper script before running it.