Pub Gog
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is mostly a documented API wrapper, but it exposes broad external messaging and data-routing capabilities with unclear guardrails, so it should be reviewed before use.
Install only if you trust the SkillBoss/HeyBoss API and understand its provider routing. Do not allow autonomous email or SMS sending; require explicit confirmation for recipients, message content, batch size, and costs. Avoid submitting sensitive documents, audio, or images unless the provider terms are acceptable, and verify any missing helper such as run.mjs before running it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly or autonomously, the agent could send messages to real recipients, create cost or abuse risk, or damage the user's reputation.
The skill exposes models for sending individual and batch emails/SMS messages, which are high-impact external communications, but the provided instructions do not show recipient limits, dry-run behavior, or an explicit confirmation requirement.
`email/send` | Send single email ... `email/batch` | Send batch emails ... `prelude/notify-send` | Send SMS notification ... `prelude/notify-batch` | Batch SMS notifications
Require explicit user approval for every email or SMS send, especially batch sends, including recipients, message body, count, and expected cost before execution.
Anyone or any agent with this key may be able to make billable or account-affecting requests through the SkillBoss service.
The skill requires a bearer API key to call the external SkillBoss/HeyBoss API. This is expected for the stated API-wrapper purpose, but it is still delegated authority.
metadata: {"clawdbot":{"requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY"}} ... **Auth:** `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`Use a dedicated, least-privileged API key if available, monitor usage, and rotate the key if it may have been exposed.
Sensitive content submitted through the skill may leave the local environment and be processed by third-party providers chosen directly or by smart routing.
User prompts, files, audio, images, or document content may be sent to the HeyBoss API and then routed to different underlying providers. This is disclosed and purpose-aligned, but users should understand the data boundary.
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID, or use smart routing to auto-select
Avoid sending confidential data unless the provider terms, retention policy, and routing behavior are acceptable.
If a user or agent tries to execute `run.mjs`, it may fail or run an unrelated command found elsewhere on the system.
Several documentation files reference a `run.mjs` helper, but the manifest contains no such code file and there is no install spec. This looks like incomplete documentation rather than hidden code, but the helper's provenance is not reviewable here.
run.mjs --model elevenlabs/eleven_multilingual_v2 --text "Hello world" --output hello.mp3
Prefer the documented curl API calls, or verify the exact source and path of any `run.mjs` helper before executing it.
A user may misunderstand whether they are enabling a Google Workspace tool, a SkillBoss/HeyBoss model gateway, or both.
The description leads with Google Workspace, while the visible instructions focus on the third-party SkillBoss/HeyBoss API. The HeyBoss service is disclosed, but the mixed framing could confuse which service is being authorized.
description: "Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs. And also 50+ models..." ... `# SkillBoss` ... `https://api.heybossai.com/v1`
Verify the intended service and account permissions before providing the API key or asking the agent to act on Workspace, email, or storage data.