Skill v1.1.0
ClawScan security
Skillboss · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 11:51 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requested resources and runtime instructions match its advertised aggregator purpose (one API key to call a single broker API) and there are no unexplained credentials, installs, or file accesses — but the package originates from an unknown source so exercise caution.
- Guidance: This skill is internally coherent: it uses one API key to call a third-party broker (api.heybossai.com) which then claims to route to many model providers. Before installing: verify the service identity (publisher/site, privacy policy, and billing model), treat the SKILLBOSS_API_KEY as sensitive, and create a dedicated limited-scope key if possible. Expect that any data you send (prompts, files) will be relayed to the broker and potentially to downstream providers — avoid sending secrets or sensitive PII. Because the package has no homepage or source link, prefer additional verification (public docs, reputation) before trusting it in production. Finally, monitor usage and rotate the API key if you notice unexpected activity.
Review Dimensions
- Purpose & Capability (ok): The skill advertises a multi-model aggregator and only requires a single SKILLBOSS_API_KEY to call https://api.heybossai.com/v1 — this is proportionate for a broker/aggregator service.
- Instruction Scope (ok): SKILL.md contains only curl examples against the heybossai API, guidance for parsing responses, and model lists. It does not instruct the agent to read unrelated files, scan system config, or exfiltrate other environment variables. Example download commands assume common CLI tools (curl, jq) but do not demand additional secrets.
- Install Mechanism (ok): No install spec or code is included (instruction-only). Nothing is downloaded or written to disk by the skill itself, so install risk is minimal.
- Credentials (ok): Only one environment variable (SKILLBOSS_API_KEY) is required and is declared as the primary credential. That matches the documented Authorization: Bearer usage and is proportionate to the skill's function.
- Persistence & Privilege (ok): The skill is not always-enabled, does not request system-wide config changes, and has no install-time persistence. Autonomous invocation is allowed (platform default) but not combined with other high-risk behaviors.
