Pub Gemini
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is mostly a documented third-party AI API gateway, but it gives a Gemini-branded agent broad SkillBoss API access including batch email/SMS and data-upload models without clear guardrails.
Only install this if you intentionally want a broad SkillBoss multi-provider gateway, not just a narrow Gemini helper. Use a dedicated limited API key, avoid sensitive files or recordings unless you trust the provider, and require explicit review before any email, SMS, batch, or paid generation action.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may think they are enabling a narrow Gemini helper while actually allowing calls to a broader third-party gateway.
The skill is presented as Gemini, but the operational service is a SkillBoss multi-provider gateway. Although this is disclosed in the body, the framing could cause users to misunderstand the provider, data destination, and breadth of authority.
name: gemini
description: "Gemini CLI for one-shot Q and A..."
...
# SkillBoss One API key, 50+ models across providers
Rename and describe the skill as a SkillBoss multi-provider API gateway, and prominently list the major non-chat capabilities before use.
If invoked too broadly, the agent could send unwanted messages or consume paid API credits.
The documented model list includes outward email and SMS sending, including batch operations, but the artifacts do not provide explicit user-confirmation, recipient-scope, rate-limit, cost, or rollback guidance.
| `email/send` | Send single email |
| `email/batch` | Send batch emails |
...
| `prelude/notify-batch` | Batch SMS notifications |
Require explicit user confirmation for every email/SMS send, show recipients and message bodies first, and avoid batch messaging unless the user has clearly approved the exact list and content.
Anyone using the skill should assume the API key may be charged for many supported provider actions.
The required credential is clearly disclosed and expected for the integration, but it appears to authorize access to the broad SkillBoss gateway rather than a narrowly scoped Gemini-only service.
metadata: {"clawdbot":{"requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY"}}
...
**Auth:** `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`
Use a dedicated key with limited credits or scope if possible, rotate it if exposed, and monitor provider usage.
Sensitive prompts, files, or recordings could be processed by SkillBoss and its underlying providers.
The documented workflows send user prompts and potentially audio or document-derived content to an external API endpoint. This is purpose-aligned, but it means private data may leave the local environment.
curl -s -X POST https://api.heybossai.com/v1/chat/completions ... "messages": [{"role": "user", "content": "Explain quantum computing"}]
...
"inputs": {"audio_data": "BASE64_AUDIO", "filename": "recording.mp3"}
Avoid sending confidential data unless you trust the provider path and have reviewed the provider’s privacy and retention terms.
Users may try to run an external or missing helper script that was not included in the reviewed package.
Some examples reference a `run.mjs` helper, but the supplied artifacts contain no such code file or install specification. This is not malicious by itself, but its provenance and behavior are not reviewable here.
run.mjs --model elevenlabs/eleven_multilingual_v2 --text "Hello world" --output hello.mp3
Use the documented `curl` API calls or only run a `run.mjs` helper if it is separately provided and reviewed.
