Skill v1.0.0
ClawScan security
blog-to-kindle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 2:24 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what its name says (fetch blogs, build EPUB, generate cover, send via Mail.app) but contains multiple inconsistencies and undocumented/ambiguous requirements (API host differences, env-var declaration mismatches, hardcoded default Kindle address and claimed state paths) that warrant caution before use.
- Guidance: Before installing or running this skill:
  1. Inspect and correct the SKILL.md vs registry metadata mismatch — the scripts require SKILLBOSS_API_KEY.
  2. Verify which API host you will contact (api.heybossai.com vs api.skillbossai.com/heyboss) and whether you trust that third party with an API key; create a dedicated/restricted key if possible.
  3. Replace or remove the hardcoded default Kindle email and double-check recipients before sending — the send script uses Mail.app and will actually send email.
  4. Be aware the skill downloads images from a remote URL returned by the image API (the downloaded content will be written to disk).
  5. The docs claim state files under ~/.clawdbot but scripts use manifest.json in the output directory — confirm where state will be stored and that no unexpected files are written.
  6. If you plan to scrape sites, ensure you have permission and are comfortable with the site's terms/copyright.
  7. Run the scripts in a controlled environment (or review/fix the endpoint/response handling) and test with dummy files/addresses before providing real credentials or sending to personal Kindle addresses.
Review Dimensions
- Purpose & Capability (note): The skill's code (fetch, compile, generate cover, send) matches the stated purpose. Requesting an image-generation API key (SKILLBOSS_API_KEY) is proportionate to the cover-generation feature. However, registry metadata reported 'no required env vars' while SKILL.md and scripts require SKILLBOSS_API_KEY — this mismatch is unexpected and should be corrected/clarified.
- Instruction Scope (concern): SKILL.md mandates a workflow (always generate a cover, store state under ~/.clawdbot/state/blog-kindle/) that is not fully consistent with the scripts: compile_epub warns it can proceed without a cover, and fetch_blog and the other scripts do not read/write the claimed ~/.clawdbot state path (they write a manifest into the chosen output dir). SKILL.md and the scripts also use different API endpoint hosts and different expected JSON shapes for image results (api.skillbossai.com vs api.heybossai.com, different result keys). These discrepancies could cause failures or unexpected behavior and indicate sloppy/incomplete instructions.
- Install Mechanism (ok): No install spec is provided (instruction-only install); code files are bundled but there is no remote download or extracted archive. No high-risk installer patterns detected.
- Credentials (concern): The only runtime secret used is SKILLBOSS_API_KEY for image generation, which is reasonable for that feature — but (a) the registry metadata does not list this env var while SKILL.md and scripts reference it, and (b) multiple places in documentation and code reference different API hosts (skillbossai vs heybossai), raising questions about which third-party service will receive your key. The skill also contains a hardcoded default Kindle email (a personal address). That is not a secret but is unexpected and should be replaced or removed.
- Persistence & Privilege (note): SKILL.md claims state files are stored under ~/.clawdbot/state/blog-kindle/, implying persistent state; however the provided scripts create and use a manifest inside the user-specified output directory and do not read/write the described ~/.clawdbot path. The skill is not marked 'always: true' and does not request system-wide privileges, but the mismatch should be clarified.
