Pub Skillcreator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is mostly an instruction-only API guide, but it gives an agent broad command-line access to a model gateway that includes batch email and SMS actions without clear approval limits.

Install only if you intend to let the agent use SkillBoss with your API key. Before use, set clear rules that email, SMS, batch messaging, document upload, and media processing require your explicit approval, and verify any referenced helper command such as run.mjs before running it.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent uses these capabilities incorrectly or too broadly, it could send unwanted emails or texts through the user's account and potentially incur costs or reputational harm.

Why it was flagged

The skill catalog includes actions that send external communications, including batch email and SMS. The visible artifacts do not provide explicit confirmation, recipient allowlist, rate-limit, or cost-control guidance for these high-impact actions.

Skill content

`email/send` | Send single email ... `email/batch` | Send batch emails ... `prelude/notify-batch` | Batch SMS notifications

Recommendation

Use a limited API key where possible, require explicit user confirmation before any email/SMS send or batch action, and review recipients and message content before execution.

What this means

Anyone or any agent action with access to this key may be able to consume the user's SkillBoss quota and use enabled services.

Why it was flagged

The skill clearly requires a bearer API key for SkillBoss. This is expected for the integration, but the same credential appears to enable many provider/model actions.

Skill content

`requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY"` ... `Authorization: Bearer $SKILLBOSS_API_KEY`

Recommendation

Store the key securely, prefer a dedicated least-privilege key if supported, monitor API usage, and revoke the key if unexpected activity appears.

What this means

If an agent follows these examples, it may try to execute an unreviewed local command named run.mjs if one exists in the environment.

Why it was flagged

Several documentation examples reference a run.mjs helper, but no such file or install mechanism is included in the manifest. These look like examples, not automatic execution, but a user should verify any helper before running it.

Skill content

`run.mjs --model bedrock/claude-4-5-sonnet --prompt "Explain quantum computing"`

Recommendation

Prefer the visible curl examples or only run a helper script after confirming its source and contents.

What this means

Prompts, files, audio, or other content submitted through this skill may leave the local environment and be processed by SkillBoss and downstream providers.

Why it was flagged

The skill discloses routing user prompts or media through a gateway to multiple external providers, including smart routing. This is purpose-aligned, but the artifacts do not describe provider selection controls, data retention, or privacy boundaries.

Skill content

One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID, or use smart routing

Recommendation

Avoid sending sensitive or regulated data unless the provider terms and routing behavior are acceptable; choose specific models/providers when privacy matters.