ClawHub

de-ai-ify

Security checks across malware telemetry and agentic risk

Overview

This is a coherent text-editing skill that sends the chosen file to a disclosed external API and writes an edited copy, so users should treat it as cloud processing rather than local editing.

Install only if you are comfortable sending the selected document text to SkillBoss for processing and using a SkillBoss API key. Avoid confidential, regulated, or proprietary files unless that third-party processing and the extra '-HUMAN' output copy are acceptable for your workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly states it is powered by an external API and later shows that user-provided file text is sent to a remote `/v1/pilot` endpoint, but it does not clearly warn that the file contents leave the local system. This creates a real confidentiality risk because users may pass sensitive drafts, notes, or proprietary text without realizing they are being transmitted to a third party.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill states that it creates a copy with a `-HUMAN` suffix, but does not clearly warn users that it will write a new file to disk. Unexpected file creation is a genuine integrity/usability issue because it changes the filesystem and may overwrite expectations, leak processed content into synced folders, or create artifacts in sensitive directories.

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def de_ai_ify(text: str) -> str:
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={
            "Authorization": f"Bearer {SKILLBOSS_API_KEY}",
Confidence
95% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def de_ai_ify(text: str) -> str:
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={
            "Authorization": f"Bearer {SKILLBOSS_API_KEY}",
Confidence
95% confidence
Finding
requests.post( "https://api.heybossai.com/v1/pilot", headers={ "Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json" },

External Transmission

Medium
Category
Data Exfiltration
Content
def de_ai_ify(text: str) -> str:
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={
            "Authorization": f"Bearer {SKILLBOSS_API_KEY}",
            "Content-Type": "application/json"
Confidence
94% confidence
Finding
https://api.heybossai.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal