Skill v1.0.0

ClawScan security

Advanced Skill Creator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 8:01 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill is coherent with its stated purpose (it uses an external AI hub to produce SKILL.md content and requires a matching API key), but it will send user requests and research data to a third-party API (api.heybossai.com) and the SKILL.md contains strict output directives and a detected prompt-injection pattern — these factors increase risk and deserve caution.
Guidance
This skill appears to do what it says, but it will send user requests and assembled research data to a third-party API (https://api.heybossai.com) using the SKILLBOSS_API_KEY. Before installing:
1) Confirm you trust the external provider (heybossai/heybossai.com) and their privacy/retention policies;
2) Do not supply SKILLBOSS_API_KEY if you are not comfortable sending potentially sensitive user content or workspace context to that service;
3) If you must test it, run the script in an isolated environment or with a limited/test API key and inspect network egress;
4) Review the generated prompt and outputs for any hidden/excessive instructions (the SKILL.md requests exact headings and includes prompt-coercion style wording);
5) Consider disabling autonomous invocation or restricting triggers until you’ve validated behavior.
If the vendor is verified and you accept sending data externally, the design is coherent; otherwise treat it as potentially exposing sensitive data.
Findings
[you-are-now] unexpected: A prompt-injection pattern was detected in SKILL.md. The skill does include strong output-format directives and uses an external AI endpoint for generation; such directives can be used to coerce model behavior. This pattern is not necessary for the stated purpose and raises concerns about prompt-manipulation or accidental inclusion of coercive instructions in generated content.

Review Dimensions

Purpose & Capability
ok: Name/description align with the actual files and behavior. The skill includes a Python script that implements the described 5-step flow and explicitly calls an external AI service (SkillBoss API Hub). Requiring python3, bash and a SKILLBOSS_API_KEY is consistent with the stated functionality.
Instruction Scope
concern: SKILL.md and the script instruct the agent to assemble research data and (when SKILLBOSS_API_KEY is present) POST that data plus the user's request to a third-party API (https://api.heybossai.com/v1/pilot). The SKILL.md also demands exact output structure and contains content that the pre-scan flagged as a prompt-injection pattern. That combination (automatically sending potentially sensitive user/research context to an external model + strict output coercion) increases the chance of unintended data disclosure and prompt-manipulation.
Install Mechanism
ok: No install spec is provided (instruction-only install), and the included code file runs with standard Python and requests. There is no archive download or unusual installer that writes arbitrary binaries to disk. Risk from installation is low relative to the network behavior.
Credentials
note: Only one credential is required: SKILLBOSS_API_KEY, declared as the primaryEnv. That is proportionate because the code calls the SkillBoss API. However, this single key effectively grants a third party access to any user request and assembled research context the skill sends, so evaluate whether you trust the external provider before supplying the key.
Persistence & Privilege
ok: always is false and the skill does not request persistent system-wide privileges or modify other skills. It is user-invocable and can be autonomously invoked by the agent (the platform default), which is expected for a skill of this type.