Skill v1.0.0
ClawScan security
mar-content-ideas-generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 23, 2026, 3:57 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's runtime instructions call an external scraping API, read an undeclared environment variable (SKILLBOSS_API_KEY) and save files locally. None of this matches the metadata, which declares no requirements at all; the mismatch is suspicious and should be clarified before installing.
- Guidance: Before installing or enabling this skill:
  1. Ask the publisher to update the manifest to declare SKILLBOSS_API_KEY, or to remove the undeclared dependency. Do not set the secret unless you trust the endpoint it is sent to.
  2. Confirm whether the skill will send URLs and content to https://api.heybossai.com, and review that service's privacy and retention policy; scraped content may be transmitted to a third party.
  3. Decide whether you are comfortable with the agent writing files to content-ideas/ on your system; if not, run it in a sandboxed environment or deny filesystem access.
  4. If you need to audit the skill, ask the publisher to request explicit network and environment permissions in the metadata so you can make an informed risk decision.
  If the publisher cannot justify the undeclared API key and external endpoint, treat the skill as untrusted.
Review Dimensions
- Purpose & Capability (concern): The skill claims to be an instruction-only content-ideas generator and declares no required environment variables, but SKILL.md explicitly instructs the agent to use SkillBoss (https://api.heybossai.com/v1/pilot) and to read SKILLBOSS_API_KEY from the environment. Requesting an API key for a third-party scraper is plausible for URL fetching, but the key is not declared in the registry metadata; that discrepancy is unexpected and unexplained.
- Instruction Scope (concern): The instructions tell the agent to (a) fetch arbitrary URLs via a third-party API, (b) read os.environ['SKILLBOSS_API_KEY'], an undeclared secret, and (c) write output files under content-ideas/ideas-{timestamp}.md. SKILL.md also allows the skill to accept raw content, transcripts or URLs. Network fetches and local file writes are within a content generator's expected capabilities, but the undeclared environment variable and network endpoint broaden the scope without being surfaced in the metadata.
- Install Mechanism (ok): No install spec and no code files, so the install risk is the lowest possible. The skill is instruction-only; the platform installer writes nothing to disk at install time. The runtime instructions may still write files, but there is no package download or archive extraction.
- Credentials (concern): The registry metadata claims no required environment variables, yet the runtime code samples expect SKILLBOSS_API_KEY, which is declared neither as primaryEnv nor in requires.env. Asking for an API key is reasonable for a third-party scraping service, but failing to declare it prevents the user from making an informed consent decision.
- Persistence & Privilege (ok): The skill does not request always:true and is user-invocable, with normal model invocation allowed. It writes its outputs to a local path under content-ideas/, which is normal for a content-generation skill; there is no indication that it modifies other skills or global agent settings.
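The mismatch checks described in the Guidance and in the Credentials and Persistence & Privilege dimensions can be scripted before installing a skill. The following is an added example, not ClawScan's or the skill publisher's code: it compares the environment variables a SKILL.md tells the agent to read against those the manifest declares (requires.env and primaryEnv), lists the external hosts and local output paths the instructions mention, and flags always:true. The manifest object and the SKILL.md excerpt are constructed for the demonstration; the manifest field names follow the review's wording, and the exact ClawHub manifest schema is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample manifest: mirrors the registry claim that nothing is required.
# Field names (requires.env, primaryEnv, always) follow the review text; the real
# ClawHub schema is assumed, not verified.
SAMPLE_METADATA = {
    "name": "mar-content-ideas-generator",
    "version": "1.0.0",
    "requires": {"env": []},
    "primaryEnv": None,
    "always": False,
}

# Constructed SKILL.md excerpt (not the real file) showing the pattern the scanner
# flagged: an undeclared secret, an external endpoint and a local output path.
SAMPLE_SKILL_MD = """\
## Fetching a URL
Use SkillBoss to scrape the page:
    api_key = os.environ['SKILLBOSS_API_KEY']
    resp = requests.post("https://api.heybossai.com/v1/pilot", json={"url": url})
Save the ideas to content-ideas/ideas-{timestamp}.md
"""

# Ways instructions typically reference an environment variable: Python accessors
# and shell-style $VAR / ${VAR}. Heuristic, so treat hits as a first pass.
ENV_PATTERNS = [
    re.compile(r"os\.environ\[\s*['\"]([A-Z][A-Z0-9_]+)['\"]\s*\]"),
    re.compile(r"os\.environ\.get\(\s*['\"]([A-Z][A-Z0-9_]+)['\"]"),
    re.compile(r"os\.getenv\(\s*['\"]([A-Z][A-Z0-9_]+)['\"]"),
    re.compile(r"\$\{?([A-Z][A-Z0-9_]{2,})\}?"),
]
URL_PATTERN = re.compile(r"https?://[^\s\"'<>)]+")
# Paths with at least one directory component and a text-like extension,
# e.g. content-ideas/ideas-{timestamp}.md
OUTPUT_PATH_PATTERN = re.compile(r"\b[\w.-]+(?:/[\w{}.-]+)+\.(?:md|txt|json|csv)\b")


def declared_env(metadata):
    """Environment variables the manifest admits to needing."""
    declared = set(metadata.get("requires", {}).get("env") or [])
    if metadata.get("primaryEnv"):
        declared.add(metadata["primaryEnv"])
    return declared


def referenced_env(text):
    """Environment variables the instructions tell the agent to read."""
    found = set()
    for pattern in ENV_PATTERNS:
        found.update(pattern.findall(text))
    return found


def external_hosts(text):
    """Hosts the instructions would send requests, and therefore user content, to."""
    hosts = {urlparse(url).hostname for url in URL_PATTERN.findall(text)}
    return {h for h in hosts if h}


def output_paths(text):
    """Local files the instructions direct the agent to write."""
    return set(OUTPUT_PATH_PATTERN.findall(text))


def audit(metadata, skill_md):
    """Return (severity, message) findings.

    'concern' marks a disagreement between declared metadata and described behaviour;
    'review' marks behaviour that is declared or plausible but still needs a human decision.
    """
    findings = []
    for name in sorted(referenced_env(skill_md) - declared_env(metadata)):
        findings.append(("concern", f"undeclared env var referenced: {name}"))
    for host in sorted(external_hosts(skill_md)):
        findings.append(("review", f"instructions send data to external host: {host}"))
    for path in sorted(output_paths(skill_md)):
        findings.append(("review", f"instructions write local file: {path}"))
    if metadata.get("always"):
        findings.append(("concern", "skill requests always:true (persistent activation)"))
    return findings


def verdict(findings):
    """Any metadata/behaviour disagreement makes the skill suspicious."""
    return "suspicious" if any(sev == "concern" for sev, _ in findings) else "ok"


if __name__ == "__main__":
    results = audit(SAMPLE_METADATA, SAMPLE_SKILL_MD)
    for severity, message in results:
        print(f"[{severity}] {message}")
    print("verdict:", verdict(results))
```

To run this against a real skill, load the manifest JSON and the SKILL.md text and pass them to audit(). Note that declaring SKILLBOSS_API_KEY clears the concern but not the review items: an external host still receives whatever the agent sends it, which is why the endpoint and the output path stay flagged for a human decision even when the metadata is consistent.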
