Skillboss
Security checks across static analysis, malware telemetry, and agentic risk
Overview
SkillBoss is mostly a disclosed API-wrapper skill, but it exposes broad model access including batch email and SMS sending without clear confirmation, scoping, or safety controls.
Review this skill before installing. It appears to be a legitimate instruction-only gateway to SkillBoss APIs, but treat it as powerful: use a limited API key, avoid sensitive data unless provider routing is acceptable, and require explicit confirmation before any email, SMS, batch, or paid high-volume action.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could send emails or SMS messages, potentially to many recipients, causing cost, spam, reputation, or privacy problems if used without careful review.
The skill exposes external communication actions, including batch email and SMS, but the artifacts do not show explicit confirmation, recipient review, rate limits, or other guardrails for these high-impact actions.
`email/send` | Send single email ... `email/batch` | Send batch emails ... `prelude/notify-batch` | Batch SMS notifications
Only use email/SMS actions after explicit user confirmation with a visible recipient list, message preview, and batch-size limits.
Misuse of the key could spend credits or access SkillBoss-connected services under the user's account.
The skill requires a provider API key. This is expected for the service, but the key may authorize paid model usage and external actions across multiple providers.
metadata: {"clawdbot":{"requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY"}}Use a dedicated, revocable API key with usage limits if available, monitor usage, and rotate the key if it is exposed.
Sensitive prompts, documents, audio, or media may be processed by SkillBoss and an underlying third-party provider the user did not explicitly choose.
The skill intentionally routes user prompts and files through a gateway to multiple possible providers, and smart mode may select the provider automatically.
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID, or use smart routing to auto-select the cheapest or highest-quality option for a task.
Avoid sending sensitive data unless the user accepts the provider routing and data-handling terms; prefer explicit model/provider selection for sensitive work.
Those examples may fail or could accidentally invoke an unrelated local helper if one exists in the environment.
Several auxiliary files show examples using a run.mjs helper, but the provided manifest contains no run.mjs file and there is no install spec for it.
run.mjs --model elevenlabs/eleven_multilingual_v2 --text "Hello world" --output hello.mp3
Use the documented curl API calls unless the run.mjs helper is supplied from a trusted, reviewed source.