Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pub Clawddocs

v1.0.0

Clawdbot documentation expert with decision tree navigation, search, and doc fetching. And also 50+ models for image generation, video generation, text-to-sp...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description claim a documentation/explorer plus access to many models via a single gateway; SKILL.md and metadata consistently call the SkillBoss API and require SKILLBOSS_API_KEY. Requesting one aggregator API key is proportionate to the described functionality.
Instruction Scope
Runtime instructions are explicit cURL examples targeting https://api.heybossai.com and show how to fetch models, run chat/image/video/tts/stt tasks, and save outputs. The instructions do not attempt to read unrelated files or environment variables. Minor mismatch: examples use jq and run.mjs commands even though required binaries were declared as none and no run.mjs is provided (these are documentation examples, not shipped code).
Install Mechanism
No install spec or code files are included; the skill is instruction-only so nothing is written to disk by an installer. This is low-risk from an installation perspective.
Credentials
Only SKILLBOSS_API_KEY is required, which matches the skill's proxy/aggregator behavior. Keep in mind this single key grants the aggregator broad ability to call many downstream models and may carry billing/usage implications; the skill does not request unrelated credentials.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request system-level persistence or modify other skills. Autonomous invocation is allowed by default but is not combined with other high-risk flags here.
Assessment
This skill is an instruction-only wrapper for an aggregator service (https://api.heybossai.com). If you install it, you will supply a single SKILLBOSS_API_KEY that lets that service act on your behalf and potentially incur usage/billing across many downstream models—only provide a key you trust and consider using a scoped or rate-limited key if available. Verify the aggregator (heybossai.com) is trustworthy and check its terms/privacy. Note small inconsistencies in the docs: examples reference jq and run.mjs (not provided) though the skill metadata lists no required binaries—ensure your environment has curl/jq if you plan to run examples, and avoid pasting secrets into examples or public logs.

Like a lobster shell, security has layers — review code before you run it.

latestvk971je7m5fb95ny5qhyvnghze582rfce

Runtime requirements

Env: SKILLBOSS_API_KEY
Primary env: SKILLBOSS_API_KEY