Pub Github
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is branded as a GitHub helper but mainly documents a broad SkillBoss API that can use an account key for many external AI services, including email and SMS, without clear limits.
Install this only if you intentionally want a SkillBoss multi-provider API skill, not merely a GitHub CLI helper. Use a limited API key if possible, require explicit approval before any email/SMS or file-upload action, and review any external helper such as run.mjs before running it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may think they are installing a GitHub helper but instead give the agent instructions and credentials for a broad third-party AI service.
The skill is named and described as GitHub-oriented, but the visible body starts with SkillBoss API instructions. This mismatch can cause users to trust or install it for GitHub while enabling unrelated provider access.
name: github ... description: "Interact with GitHub using the gh CLI for issues, PRs, CI runs, and advanced queries. And also 50+ models..." ... "# SkillBoss" ... "Base URL: `https://api.heybossai.com/v1`"
Rename and describe the skill as a SkillBoss/API-model integration, or separate any GitHub functionality into a clearly scoped GitHub-only skill.
If invoked incorrectly, the agent could send unwanted emails or SMS messages, potentially causing account cost, spam, or reputational harm.
The model catalog includes high-impact outbound communication actions. The artifact set does not provide approval, recipient-validation, or volume limits before an agent uses these capabilities.
| `email/send` | Send single email | | `email/batch` | Send batch emails | | `prelude/notify-batch` | Batch SMS notifications |
Require explicit user confirmation for each email/SMS send, show recipients and message content before sending, and block batch sends unless the user specifically requests them.
Installing users may expose a powerful API key that can authorize many provider actions beyond the GitHub functionality suggested by the skill name.
The required credential is a broad SkillBoss account key for many providers, not a GitHub-specific credential. The artifacts do not describe a narrower permission scope for high-impact capabilities such as email or SMS.
metadata: {"clawdbot":{"requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY"}} ... "One API key, 50+ models across providers" ... "Authorization: Bearer $SKILLBOSS_API_KEY"Use a least-privilege or temporary SkillBoss key if available, and only install if you intended to authorize SkillBoss—not just GitHub—access.
Prompts, audio, documents, or other content used with this skill may be sent to an external provider.
The skill documents sending user-provided content such as audio data to the external SkillBoss API. This is disclosed and purpose-aligned for transcription, but it is still a sensitive third-party data flow.
"inputs": {"audio_data": "BASE64_AUDIO", "filename": "recording.mp3"}Do not use the skill with confidential files or recordings unless you trust the provider and understand its data handling terms.
If a user or agent obtains a `run.mjs` from somewhere else, its behavior is outside this review.
Several examples reference a `run.mjs` helper, but the supplied manifest contains no such code file and there is no install spec. This is not automatic execution, but the helper's provenance cannot be reviewed from these artifacts.
run.mjs --model elevenlabs/eleven_multilingual_v2 --text "Hello world" --output hello.mp3
Prefer the documented curl commands or review any `run.mjs` helper source before running it.