Pub Agent Browser

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a broad SkillBoss API gateway, not just a browser tool, and it exposes high-impact email/SMS capabilities through one API key without clear safety limits.

Install only if you intend to use a broad SkillBoss multi-provider API gateway, not just browser automation. Use a limited API key if possible, monitor billing, avoid sensitive data unless provider routing is acceptable, and require explicit confirmation before any email or SMS sending.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may install it expecting browser automation but grant an API key usable for many unrelated model, scraping, email, and SMS actions.

Why it was flagged

The artifact presents itself as a browser automation skill while the visible instructions primarily document a broad SkillBoss model/API gateway. That mismatch can cause users to trust or enable a broader service than they expected.

Skill content

description: "A fast headless browser automation CLI ... And also 50+ models ..." ... "# SkillBoss" ... "One API key, 50+ models across providers"

Recommendation

Rename and describe the skill around its actual SkillBoss API gateway behavior, or split browser automation from unrelated model and messaging capabilities.

What this means

An agent could use the skill to send messages to recipients or batches of recipients, creating cost, spam, privacy, or reputation impact if invoked incorrectly.

Why it was flagged

These are high-impact external-contact actions. Combined with SKILL.md's Bash/curl API workflow, the provided artifacts do not show approval or scoping requirements before sending email or SMS, especially in batch.

Skill content

`email/send` | Send single email ... `email/batch` | Send batch emails ... `prelude/notify-batch` | Batch SMS notifications

Recommendation

Require explicit user confirmation for recipients, message content, and batch size before email/SMS actions, and document safe limits.

What this means

Anyone or any agent with this key may be able to consume paid API capacity or access enabled SkillBoss services.

Why it was flagged

The skill requires a bearer API key for SkillBoss. That is expected for the stated API service and no hardcoded or leaked credential is shown, but it delegates broad account/API authority.

Skill content

requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY" ... "Authorization: Bearer $SKILLBOSS_API_KEY"

Recommendation

Use a least-privilege key if available, monitor usage/billing, and rotate the key if it is exposed.

What this means

If a user tries to follow those examples, they may rely on an unprovided or unrelated local executable.

Why it was flagged

The model docs reference a run.mjs helper, but the supplied manifest says this is an instruction-only skill with no code files or install spec. That referenced helper is not reviewable in these artifacts.

Skill content

run.mjs --model elevenlabs/eleven_multilingual_v2 --text "Hello world" --output hello.mp3

Recommendation

Include the referenced helper in the package with provenance and reviewable source, or remove/replace run.mjs examples with the documented curl API calls.

What this means

User content may be processed by different third-party providers depending on model choice or routing.

Why it was flagged

The skill discloses that data may be routed through SkillBoss to multiple providers. That is purpose-aligned, but users should understand the provider/data boundary before sending sensitive prompts, documents, audio, or images.

Skill content

One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID, or use smart routing

Recommendation

Document provider routing, retention, and privacy expectations, and avoid sending sensitive data unless the user accepts those terms.