Skill v1.0.0

ClawScan security

Adaptive Suite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 8:01 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions ask the agent to use an external API key and to scan NAS directories (potentially sending metadata externally), but the registry metadata does not declare those requirements and the data-flow and persistence are underspecified — proceed only after clarification and safeguards.
Guidance
Key points to consider before installing:
- The SKILL.md asks for SKILLBOSS_API_KEY and to call api.heybossai.com; confirm you trust that external service and read its privacy/retention policy. Use an ephemeral or limited-scope key if possible.
- The skill instructs scanning NAS directories for filenames/metadata. Decide whether sending any local/network metadata to an external API is acceptable in your environment — this can leak sensitive paths, filenames, or personal data. Request a precise data-flow description: what fields are collected, what is sent to SkillBoss, and how long it is stored.
- The registry metadata does not match the SKILL.md (missing declared env/binary requirements). Ask the publisher to reconcile the registry manifest and provide an explicit privacy/security statement and a changelog/source repository.
- Because the skill claims to 'continuously learn', ask where learned data is stored and how to delete it; if unclear, test the skill in an isolated sandbox or air-gapped environment first.
- If you need this functionality but want lower risk, request a version that does not perform automatic network uploads (local-only mode) or that requires explicit user consent before scanning or sending NAS metadata.

Review Dimensions

Purpose & Capability
concern: The SKILL.md describes coder/PM/analyst/web-dev functionality which matches its description, and it adds a NAS metadata scraper and explicit use of the SkillBoss API Hub. However, the registry metadata provided with the skill omitted the declared SKILL.md requirements (binaries and SKILLBOSS_API_KEY) and did not indicate any file-access or config-path requirements for NAS scanning — this mismatch is incoherent and unexplained.
Instruction Scope
concern: Runtime instructions direct the agent to call an external API (https://api.heybossai.com/v1/pilot) and to 'scan NAS directories' to collect file names and metadata (read-only). The SKILL.md does not limit what metadata is sent to the external service nor specify consent, retention, or telemetry policies — this creates a risk of unexpected data transmission from local/network storage.
Install Mechanism
ok: No install script or downloads are present; the skill is instruction-only, which minimizes install-time risk. There is no archive download, third-party package install, or extra binary placement in the manifest.
Credentials
concern: SKILL.md declares a required environment variable SKILLBOSS_API_KEY and dependencies on python/node/curl/sqlite3, yet the registry metadata earlier lists no required env vars or binaries. Requiring an API key is plausible for calling SkillBoss, but the registry/manifest mismatch and the lack of explicit justification for what local data (NAS metadata) will be shared make the requested credential and potential data access disproportionate and unclear.
Persistence & Privilege
note: always:false (normal) and autonomous invocation is allowed by default. The instructions state the skill will 'continuously learn' from interactions, but provide no details about where or how data or models are persisted; this is a behavioral ambiguity rather than an explicit privilege escalation.