Skillv1.0.0

ClawScan security

Intelligence Suite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 27, 2026, 4:00 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code mostly matches its description (news scraping + LLM analysis) but there are inconsistencies and privacy/exfiltration risks you should understand before installing.
Guidance: This skill does what it says — it scrapes news sites, extracts article text, and sends snippets to a third-party LLM endpoint for analysis. Before installing: (1) verify the legitimacy of the SkillBoss service and the exact API domain (scripts POST to api.heybossai.com while SKILL.md mentions api.skillboss.com — ask the maintainer which is correct); (2) treat the SKILLBOSS_API_KEY like a secret and confirm its least-privilege scope and the provider's data-retention/privacy policy; (3) be aware the scraper will fetch and transmit article text (could leak private or paywalled content if used against internal URLs); (4) run the code in a sandboxed environment first and inspect network traffic (or review with your security team); (5) consider rate limits and legal/ethical scraping constraints for target websites. If the maintainer can explain the hostname mismatch and provide assurances about the third party's handling of submitted text, that would raise confidence.

Review Dimensions

Purpose & Capability: noteThe skill claims to monitor AI and global news and then send extracted content to a SkillBoss API for LLM analysis — the included scripts implement that. Requiring node/npm and SKILLBOSS_API_KEY is proportionate. However, the SKILL.md/network permissions list references api.skillboss.com while the scripts POST to https://api.heybossai.com/v1, which is an unexplained hostname mismatch that should be clarified.
Instruction Scope: concernThe SKILL.md explicitly authorizes 'deep scrape' and the scripts follow that: they fetch RSS, visit article URLs, and extract full-text snippets (up to 1000–1500 chars) and then send those snippets to a third-party API. This is coherent with the stated purpose but is high-risk for data leakage: if a user points the tool at private/internal links or the scraper follows redirects, sensitive content could be transmitted to an external service. The SKILL.md permissions also list several hosts; the code accesses those and Hacker News via firebaseio. There is no attempt in code to avoid scraping paywalled or private domains.
Install Mechanism: okThis is instruction-only with a standard npm workflow. package.json lists common, expected dependencies (axios, cheerio, rss-parser). No downloads from arbitrary URLs or extract operations are present.
Credentials: noteThe skill requires a single environment variable (SKILLBOSS_API_KEY) which is exactly what the code uses to call the remote LLM service. That is proportionate. Confirm that the provided key's scope is limited and review the third party's token handling/policy before granting it to the skill.
Persistence & Privilege: okThe skill does not request always:true and does not modify system or other-skill configuration. It runs on demand and requires no special platform privileges beyond network access and read-only filesystem operations.