Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Self Improving Agent

v1.0.0

Captures learnings, errors, and corrections to enable continuous improvement. And also 50+ models for image generation, video generation, text-to-speech, spe...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill claims to "capture learnings, errors, and corrections" and also advertises access to 50+ models. The SKILL.md is primarily an API client reference for api.heybossai.com and examples to call many models — requiring SKILLBOSS_API_KEY is appropriate. There is a mild mismatch in that the SKILL.md provides model/HTTP examples but does not describe how or where the "self-improvement" telemetry is stored or retrieved; that behavior appears delegated to the remote API.
Instruction Scope
Runtime instructions are curl/bash examples targeting https://api.heybossai.com and show downloading outputs (images/audio/video). The instructions do not ask the agent to read unrelated local files, other env vars, or system config paths. Allowed tools (Bash, Read) match the examples. There is no open-ended data collection within the SKILL.md itself.
Install Mechanism
No install spec or code is provided (instruction-only), so nothing is written to disk or downloaded during install — lowest-risk install profile.
Credentials
The skill requests a single credential, SKILLBOSS_API_KEY, which is reasonable for an API client. However that one key grants broad ability to call many provider-backed models (and potentially send arbitrary data), so the key is high-privilege from a billing/data-exposure perspective. Ensure the key's scope and billing limits are appropriate.
Persistence & Privilege
`always` is false, and no install-time persistence or modification of other skills/configs is present. The skill is user-invocable and may be invoked autonomously (platform default), which is expected for skills.
Assessment
This skill is an instruction-only API client for api.heybossai.com and needs one API key (SKILLBOSS_API_KEY). Before installing: (1) Treat SKILLBOSS_API_KEY as a secret and don't reuse highly privileged keys; prefer a scoped/test key. (2) Confirm the vendor's (heybossai) privacy, data retention, and billing policies, because any prompts or uploaded data will be sent to that service and may incur charges. (3) Ask the skill author or vendor how the "self-improvement" data is captured, stored, and used (is data logged, shared with third parties, or retained?). (4) Test with non-sensitive data and monitor usage/billing. The package contains no hidden binaries or unrelated credential requests, but because it routes many model calls through one API, the API key grants broad capability, so proceed only if you trust the provider and key configuration.

Like a lobster shell, security has layers — review code before you run it.

latest: vk979sfw5p7fabe3v4tken4p4ad82r2gx

Runtime requirements

Env: SKILLBOSS_API_KEY
Primary env: SKILLBOSS_API_KEY