Pub Agent Browser Clawdbot
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to be a broad third-party AI/API gateway rather than just a browser tool, and it exposes high-impact actions like batch email/SMS through one API key without documented safeguards.
Install only if you intentionally want a broad SkillBoss API gateway, not merely a browser automation helper. Use a restricted API key if possible, avoid sensitive inputs unless you trust the service, and require explicit review before any email, SMS, scraping, storage, or document-processing action.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may install it expecting a browser helper while granting access to a much broader service that can generate content, scrape sites, process documents, and send messages.
The advertised browser-automation purpose is not supported by the provided instructions, which primarily describe a SkillBoss multi-provider API gateway. This mismatch can cause users to underestimate the skill's actual breadth.
description: "Headless browser automation CLI optimized for AI agents with accessibility tree snapshots. And also 50+ models ... email, and SMS." ... "# SkillBoss"
Clarify the description and separate browser automation from the SkillBoss API gateway, or explicitly document every major capability and its risks.
If invoked too broadly, the agent could send unwanted emails or SMS messages, create spam-like behavior, expose private content to recipients, or incur service costs.
The model catalog includes outbound email and SMS sending, including batch operations, but the artifacts do not define user confirmation, recipient limits, rate limits, or rollback guidance.
`email/send` | Send single email ... `email/batch` | Send batch emails ... `prelude/notify-batch` | Batch SMS notifications
Require explicit user approval for every send action, show recipients and message content before sending, and avoid batch messaging unless the user specifically requests it.
A single exposed or overused key could allow broad API usage, charges, or delegated actions beyond the user's immediate request.
The skill requires one bearer credential that can be used across many providers and capability types. The artifacts do not show narrower scopes or separate credentials for high-impact actions.
metadata: {"clawdbot":{"requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY"}} ... "One API key, 50+ models across providers"Use the least-privileged key available, disable unused SkillBoss capabilities if possible, and only install if you trust the service and need its broad access.
Prompts, files, audio, or document contents submitted through the skill may leave the local environment and be processed by external services.
Requests may go through the SkillBoss gateway and then to selected third-party providers. This is disclosed and purpose-aligned, but the artifact does not detail data handling or retention boundaries.
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). ... smart routing to auto-select
Avoid submitting sensitive data unless you have reviewed SkillBoss and downstream provider privacy terms.
If a user or agent tries to use run.mjs, its actual behavior depends on some external or preexisting command that was not reviewed here.
Several model files reference a run.mjs CLI helper, but the supplied manifest says no code files or install spec are present, so that helper is not reviewable in this artifact set.
run.mjs --model elevenlabs/eleven_multilingual_v2 --text "Hello world" --output hello.mp3
Prefer the documented curl examples unless the run.mjs implementation and installation source are provided and reviewed.