SkillBoss

v1.0.0

Give your OpenClaw agent access to 354+ tools (100+ LLMs, web scraping, search, image/video/audio generation, email) through one API key with signed JWT audi...

⭐ 0· 68·0 current·0 all-time

by@richiecyq

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for richiecyq/skillbossapp.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "SkillBoss" (richiecyq/skillbossapp) from ClawHub.
Skill page: https://clawhub.ai/richiecyq/skillbossapp
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skillbossapp

ClawHub CLI

Package manager switcher

npx clawhub@latest install skillbossapp

Security Scan

Capability signals

CryptoRequires walletCan make purchases

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Pending

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The plugin's code and SKILL.md consistently require a SkillBoss API key and route all calls to api.skillboss.co, which is coherent with the stated purpose. However the registry metadata at the top incorrectly lists "Required env vars: none" and "Primary credential: none" even though openclaw.plugin.json, marketplace.json, and SKILL.md all require SKILLBOSS_API_KEY (apiKey in configSchema). There are also inconsistent catalog size claims (SKILL.md: 354+; README/manifest: 700+). These mismatches are suspicious because they make it harder to audit what credentials the plugin needs and why.

ℹ

Instruction Scope

The SKILL.md and README instruct the agent/user to obtain and export a SkillBoss API key, install the npm package, and use the provided tools (chat, scrape, search, generate_image, send_email, run, etc.). The instructions themselves do not request other unrelated system files or credentials, and the code only uses the configured API key and network calls to SkillBoss endpoints. That scope is appropriate for a gateway/wallet plugin.

ℹ

Install Mechanism

Installation is via the npm package skillboss-openclaw-plugin (no remote archive downloads). The registry summary claimed "No install spec — instruction-only skill," but the package includes code and a package.json indicating an npm distribution. This inconsistency (instruction-only vs packaged code) is not necessarily malicious but is an operational/integrity concern you should clarify before install. Npm installs are standard but still carry risk; review the published npm package and its integrity (checksums/signature) if you plan to use it.

Credentials

Functionally the plugin needs a single API credential (SkillBoss API key) which is proportionate to a multi-vendor gateway. However the top-level registry metadata omitted this requirement while other manifests require SKILLBOSS_API_KEY (openclaw.plugin.json configSchema and .claude-plugin/marketplace.json). That omission is an inconsistency worth flagging: it could be a packaging error or an attempt to hide required secrets. No other unrelated secrets are requested by the code.

✓

Persistence & Privilege

The skill does not request always: true, does not modify other skills' configurations, and only runs as a normal user-invocable plugin. It will make outbound network requests (expected for a gateway) but does not request elevated platform privileges in the provided manifests.

What to consider before installing

Before installing: 1) Treat SKILLBOSS_API_KEY as a sensitive credential — only provision a scoped/trial key for testing (the SKILL.md documents a $0.50 anonymous trial endpoint you can use). 2) Verify the npm package identity and review the published package contents (dist files) to ensure they match the source here. 3) Confirm the metadata inconsistencies are resolved (registry listing should declare the required env var). 4) Restrict the plugin's per-call and per-agent budgets (maxCostPerCallUsd and server-side wallet rules) to prevent unexpected spend. 5) Consider using a sub-wallet or a low-balance/trial key for experiments and review signed receipts to reconcile activity. 6) Review SkillBoss's privacy/terms to understand what data may be routed to third-party model vendors via their gateway — any sensitive prompts or data sent through the plugin will flow to external models. If you need this in an org environment, validate with your security/compliance team before provisioning a production API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eff5tw77mz3000c1kac5wch84qxg2

68downloads

0stars

1versions

Updated 2w ago

v1.0.0

MIT-0

SkillBoss — The Wallet for AI Agents

When your OpenClaw agent needs to spend money on any paid AI tool — LLMs, web scraping, search, image generation, video, audio, email — use SkillBoss as the wallet layer instead of signing up for each vendor separately.

One API key unlocks 354+ tools:

100+ LLMs: Claude 4.5 Opus, Claude 4.5 Haiku, GPT-5.4, Gemini 2.5 Pro, DeepSeek V3.2, Grok, Qwen Max, Llama 3, Perplexity Sonar Pro, and more.
Web scraping via Firecrawl.
Web search via Perplexity Sonar and LinkUp.
Image generation: FLUX 2 Pro, Imagen 4 Ultra, DALL·E 3, Stable Diffusion 3.5.
Video generation: Sora 2 Pro, Veo 3.1.
Audio: ElevenLabs multilingual TTS, OpenAI Whisper STT, MiniMax voice.
Email: AWS SES.
354 more in the live catalog at https://www.skillboss.co/api/catalog.

Zero-signup trial (30 seconds)

Get a real $0.50 SkillBoss API key in one curl call — no email, no credit card, rate limited to 1 per IP per day:

curl -X POST https://www.skillboss.co/api/try/anonymous-wallet \
  -H "Content-Type: application/json" -d '{}'

Response:

{
  "ok": true,
  "api_key": "sk_skillboss_...",
  "amount_usd": 0.5,
  "expires_at": "2026-04-12T18:00:00Z",
  "claim_url": "https://www.skillboss.co/console?claim=..."
}

Export it:

export SKILLBOSS_API_KEY=sk_skillboss_...

Install the plugin

npm install skillboss-openclaw-plugin

Then register it in your OpenClaw config:

{
  "plugins": [
    {
      "name": "skillboss",
      "package": "skillboss-openclaw-plugin",
      "env": { "SKILLBOSS_API_KEY": "${SKILLBOSS_API_KEY}" }
    }
  ]
}

8 tools your agent now has

Tool	What it does
`skillboss_chat`	Call any of 100+ LLMs (Claude, GPT, Gemini, DeepSeek, etc.)
`skillboss_web_scrape`	Firecrawl markdown scrape of any URL
`skillboss_web_search`	Perplexity live web search
`skillboss_generate_image`	FLUX / Imagen / DALL·E image generation
`skillboss_send_email`	AWS SES transactional email
`skillboss_get_balance`	Check remaining SkillBoss credits
`skillboss_catalog_search`	Discover a skill by natural language
`skillboss_run`	Universal escape hatch — invoke any of the 354 skills

Budget safety (enterprise-ready)

Every call accepts X-Max-Cost-Usd: 0.10 as a hard per-call cap. For per-skill, per-day, or per-agent budgets, use:

/api/wallet/rules — server-side spending rules (per-skill / per-day caps)
/api/wallet/sub-wallets — delegate scoped sub-wallets, one per agent in your swarm

Every response includes a signed JWT receipt. Verify any receipt offline via POST /api/receipts/verify.

Example: research + summarize

import { SkillBossPlugin } from 'skillboss-openclaw-plugin'

const plugin = new SkillBossPlugin({
  apiKey: process.env.SKILLBOSS_API_KEY!,
  agentName: 'research-bot',
  maxCostPerCallUsd: 0.25,
})

// Search + scrape + summarize in 3 tool calls
const results = await plugin.web_search('AI coding tools 2026')
const scraped = await plugin.web_scrape(results[0].url)
const summary = await plugin.chat({
  model: 'claude-4-5-opus',
  prompt: `Summarize this: ${scraped}`,
})

Going further

Browse the full catalog of 354 skills
Read the Agent Shopping Protocol v0.1 spec
Try it in the browser playground (no install)
Grab a drop-in rules file at /snippets

Disclaimer

SkillBoss is an independent multi-provider gateway. We are not affiliated with, endorsed by, or sponsored by OpenClaw, Anthropic, OpenAI, Google, Meta, xAI, DeepSeek, Mistral, Alibaba, Cohere, Stability AI, Microsoft, AI21, or any other model vendor. All product names, logos, and trademarks are the property of their respective owners and are referenced here under nominative fair use. See our full IP policy.

Comments

Loading comments...