Back to skill
Skillv1.0.0
ClawScan security
Pub Skillcreator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 12, 2026, 6:12 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions and required SKILLBOSS_API_KEY align with its stated purpose (a model/skill-creation guide backed by an aggregator API), but the provider endpoint is undocumented/third‑party, examples reference local tools that aren't declared, and the single API key would permit sending arbitrary content to that external service — proceed with caution.
- Guidance
- This skill appears to be what it says (a guide and API examples), but it relies on a third-party aggregator (https://api.heybossai.com) with no homepage or provenance provided. Before installing: (1) Verify the provider's reputation and privacy/security policies for heybossai.com; (2) Only provide a limited-scope API key (and rotate it afterward) — avoid using keys that grant access to sensitive accounts or data; (3) Assume any prompts, uploaded audio/files, or returned content may be stored/processed by the aggregator — do not send secrets or private data; (4) Note examples reference jq and run.mjs (undeclared); ensure the runtime has the expected tools or update the skill metadata; (5) Test with minimal, non-sensitive requests and monitor network activity/logs; (6) If you cannot verify the service or its operator, treat the API key as high-risk and consider not installing the skill.
Review Dimensions
- Purpose & Capability
- okThe name/description promise (a skill-creation guide plus a catalog of 50+ models) matches the SKILL.md contents: it documents model IDs and shows curl examples targeting https://api.heybossai.com/v1. The declared primaryEnv SKILLBOSS_API_KEY is appropriate for an API aggregator.
- Instruction Scope
- noteRuntime instructions are limited to curling the heybossai API (listing models, running models, downloading returned URLs). They do not instruct reading unrelated local files or other env vars. However: examples include use of jq and a local run.mjs utility (run.mjs --model ...), which are not declared in required binaries and therefore are an undeclared dependency; the examples also show uploading or sending content (base64 audio, text prompts) to the external API, so sensitive data could be transmitted to the aggregator.
- Install Mechanism
- okNo install spec and no code files that execute locally — lowest installation risk. The skill is instruction-only.
- Credentials
- noteOnly one credential (SKILLBOSS_API_KEY) is requested, which is proportionate given the skill talks to a single aggregator API. But that single key would grant the skill broad access to many downstream model providers via the aggregator, and the aggregator's domain (heybossai.com) and source are undocumented here — this concentrates risk in one external service.
- Persistence & Privilege
- okalways:false (not force-included) and disable-model-invocation:false (normal). The skill does not request system-wide config changes or persistent privileges beyond the API key.