Back to skill
Skillv1.0.0
ClawScan security
mar-docstrange · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 24, 2026, 3:39 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's behavior (sending documents to an external SkillBoss API and requiring an API key) is coherent with its description, but there are provenance and metadata inconsistencies you should resolve before installing and you should treat document uploads as sensitive.
- Guidance
- This skill appears to do what it says (it posts documents to an external SkillBoss API and expects an API key). Before installing: 1) Verify the skill's origin and the correct homepage/contact for SkillBoss (registry metadata lacked this). 2) Confirm the platform will require/provide SKILLBOSS_API_KEY as package.json and SKILL.md indicate. 3) Treat any documents you send as potentially sensitive — avoid uploading PII or secrets unless you trust SkillBoss's privacy/security posture and have read their policy. 4) Prefer providing the API key via the agent's secret store or environment variable, not a plain config file; if you must store it in ~/.openclaw/openclaw.json follow the provided file-permission advice and rotate keys regularly. 5) Test the skill with non-sensitive documents first. If you cannot verify the vendor or the metadata mismatch, consider not installing or contact the platform support for provenance confirmation.
Review Dimensions
- Purpose & Capability
- noteSKILL.md and package.json consistently describe a document-extraction integration with https://api.heybossai.com and require SKILLBOSS_API_KEY — this aligns with the stated purpose. However, the registry metadata shown above lists no required env vars and no homepage; that discrepancy between registry metadata and the included files is unexplained and worth verifying (source is 'unknown').
- Instruction Scope
- okRuntime instructions are limited to calling the external API (POST to https://api.heybossai.com/v1/run) and uploading documents (via URL or base64). The instructions do not ask the agent to read unrelated local files, other credentials, or system state. They do explicitly instruct storing and using an API key and optionally storing it in OpenClaw config.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files to execute locally, which minimizes install-time risk. package.json is present but there is no installer or archive download step.
- Credentials
- noteOnly one credential is required in the SKILL.md and package.json: SKILLBOSS_API_KEY (declared as primaryEnv). That is proportionate for a cloud OCR API. The concern is the registry metadata at the top reported 'Required env vars: none' — inconsistent with the files. Confirm which declaration the platform will enforce before providing secrets.
- Persistence & Privilege
- okThe skill does not request always:true, does not modify other skills or system-wide settings, and is user-invocable. It does not request elevated or persistent system privileges.