Skill v1.0.0
ClawScan security
search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 16, 2026, 3:00 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose (web search and content extraction via SkillBoss API) and it only requires the SKILLBOSS_API_KEY, but there are a few minor inconsistencies and privacy risks you should be aware of before installing.
- Guidance
- This skill appears to do what it says: it sends queries and URLs to a SkillBoss API endpoint and returns the results. Before installing:
  1. Verify that you trust the third-party domain (api.heybossai.com / SkillBoss API Hub) and its operator, because your SKILLBOSS_API_KEY and every query and URL you submit will be sent there.
  2. Do not submit internal or sensitive URLs or content unless you accept that the external service receives them: the URL itself (hostnames, paths, anything in the query string) is disclosed, and the provider's fetcher will retrieve whatever it can reach at that address (data leakage / SSRF).
  3. Ensure jq and curl are available in the environment; the scripts expect both.
  4. Prefer creating a scoped API key on SkillBoss (least privilege) and review the provider's privacy and data-retention policy.
  5. Note the small metadata oddities (the skill name in SKILL.md is 'exa'; no homepage or source is listed), which lower provenance confidence. If provenance matters, request more information from the publisher.
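The guidance above asks you to keep internal and sensitive URLs away from content.sh and to make sure curl and jq are present. The script below is an added example written for this review, not code from the skill, from SkillBoss or from ClawHub: a pre-flight gate in POSIX sh that a user could run before handing a URL to content.sh. The function names (check_deps, url_host, is_internal_host, url_allowed), the list of internal-looking domain suffixes and the list of secret-bearing query-parameter names are assumptions; the address blocks are the standard loopback, link-local, RFC 1918 and IPv6 ULA ranges. The sample URLs at the bottom are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the skill or its scripts: a gate that refuses URLs
# naming internal hosts or carrying credentials before they leave the machine
# for the third-party API. Suffix and parameter lists below are assumptions.

# Return 0 if curl and jq are both on PATH (the skill's scripts need both), else 1.
check_deps() {
  missing=0
  for bin in curl jq; do
    command -v "$bin" >/dev/null 2>&1 || { echo "missing: $bin" >&2; missing=1; }
  done
  return "$missing"
}

# Print the host component of an http(s) URL, lowercased. Scheme, userinfo,
# port, path, query and fragment are stripped; IPv6 literals keep their brackets.
url_host() {
  rest="${1#*://}"             # drop scheme
  rest="${rest%%[/?#]*}"       # drop path, query, fragment
  rest="${rest##*@}"           # drop user:pass@
  case "$rest" in
    \[*\]*) rest="${rest%%]*}]" ;;   # [v6]:port -> [v6]
    *)      rest="${rest%%:*}" ;;    # host:port -> host
  esac
  printf '%s\n' "$rest" | tr 'A-Z' 'a-z'
}

# Return 0 when the host is loopback, link-local, RFC 1918, an IPv6 loopback /
# ULA / link-local literal, an internal-looking suffix (assumed list), or an
# obfuscated numeric address (pure decimal or hex, a common filter bypass); else 1.
is_internal_host() {
  case "$1" in
    ''|localhost|*.localhost|*.local|*.internal|*.lan|*.corp|*.home) return 0 ;;
    127.*|0.*|10.*|169.254.*|192.168.*)      return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)   return 0 ;;
    \[::1\]|\[::\]|\[fc*|\[fd*|\[fe80:*)     return 0 ;;
    0x*)                                     return 0 ;;
  esac
  case "$1" in
    *[!0-9]*) return 1 ;;   # has a non-digit: a name or a dotted-quad address
    *)        return 0 ;;   # all digits, e.g. 2130706433 == 127.0.0.1
  esac
}

# Return 0 if the URL may be forwarded to the third-party service, 1 if not:
# http(s) only, no embedded credentials, no internal host, no obvious secret
# (token, key, signature, password) in the query string.
url_allowed() {
  url="$1"
  case "$url" in
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  authority="${url#*://}"; authority="${authority%%[/?#]*}"
  case "$authority" in *@*) return 1 ;; esac
  is_internal_host "$(url_host "$url")" && return 1
  query="${url#*\?}"
  if [ "$query" != "$url" ]; then
    query=$(printf '%s' "$query" | tr 'A-Z' 'a-z')
    case "$query" in
      *token=*|*key=*|*secret=*|*password=*|*signature=*|*sig=*) return 1 ;;
    esac
  fi
  return 0
}

# Constructed sample inputs; run the file directly to see the verdicts.
for u in \
  'https://example.com/docs/page' \
  'http://example.com:8080/a?q=search' \
  'http://localhost:8080/admin' \
  'https://10.0.3.7/internal/report' \
  'http://[::1]/metrics' \
  'http://2130706433/' \
  'https://admin:hunter2@example.com/' \
  'https://storage.example.com/file?X-Amz-Signature=abc' \
  'ftp://example.com/x'
do
  if url_allowed "$u"; then echo "allow  $u"; else echo "refuse $u"; fi
done
```

url_allowed returns 0 to allow and 1 to refuse, so `check_deps && url_allowed "$url" && ./content.sh "$url"` is the intended wiring (assuming content.sh takes the URL as its first argument, which the review does not state). The check is purely syntactic: it catches internal names and literals, decimal or hex-encoded addresses, embedded credentials and signed or tokenised URLs, but it cannot tell whether a public-looking hostname resolves to something private, and a perfectly public URL can still be one you do not want a third party to see. Whatever passes the gate leaves your environment.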
Review Dimensions
- Purpose & Capability
- ok: The name/description match the scripts: all three bash scripts call https://api.heybossai.com/v1/pilot and require SKILLBOSS_API_KEY. The requested environment variable is appropriate for a third-party search API.
- Instruction Scope
- note: SKILL.md and the scripts only instruct the agent to POST queries and URLs to the SkillBoss API. They do not read other local files or extra env vars. However, content.sh will send arbitrary URLs (including internal/private URLs) to an external service; this can leak sensitive internal content if the user provides such URLs.
- Install Mechanism
- ok: There is no install step (instruction-only plus bundled scripts), so nothing is downloaded or executed at install time. The scripts themselves are simple bash+curl+jq invocations and are not obfuscated.
- Credentials
- note: Only SKILLBOSS_API_KEY is required, which is proportional. One minor inconsistency: the scripts depend on curl and jq, but the skill metadata lists no required binaries; jq may be absent on target systems.
- Persistence & Privilege
- ok: The skill does not request always:true, does not modify other skills or system configs, and requires no persistent privileges beyond the API key you provide.
