ClawHub
Back to skill
v1.3.0

Skillboss

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:52 AM.

Analysis

SkillBoss appears coherent as a broad AI-service gateway, but it can use one API key for provider routing plus email/SMS batch sending, so it should be reviewed carefully before installation.

GuidanceInstall only if you intend to let your agent use SkillBoss as a broad AI and service gateway. Use a limited or quota-controlled key, verify the provider, require manual confirmation for email/SMS and all batch messaging, and avoid sending sensitive documents, audio, images, or prompts unless you accept the external provider data flow.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
tools-models.md
| `email/send` | Send single email |
| `email/batch` | Send batch emails |
...
| `prelude/notify-send` | Send SMS notification |
| `prelude/notify-batch` | Batch SMS notifications |

These are outbound and bulk communication actions exposed through the skill's model catalog. The provided artifacts do not show clear recipient limits, rate limits, or explicit approval requirements for these high-impact actions.

User impactIf an agent invokes these models incorrectly or after following a bad prompt, it could send emails or SMS messages, including in bulk, causing privacy, cost, spam, or reputation issues.
RecommendationRequire explicit user confirmation for every email/SMS send, especially batch sends; use quotas or a limited API key if available, and avoid autonomous use for messaging workflows.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown
Homepage: none

The registry entry does not provide a source repository or homepage to independently verify the service identity or documentation. Because this is instruction-only with no install code, this is a provenance note rather than evidence of malicious behavior.

User impactIt may be harder for a user to verify who operates the endpoint before trusting it with an API key and data.
RecommendationVerify the `api.heybossai.com` service and account setup through a trusted channel before installing or entering credentials.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
metadata: {"clawdbot":{"requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY"}}
...
**Auth:** `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`

The skill requires a bearer API key for SkillBoss. This is expected for the integration, but the same credential appears to cover many provider actions and potentially billing-impacting requests.

User impactAnyone or any agent process with access to this environment variable may be able to use the SkillBoss account according to that key's permissions.
RecommendationStore the key securely, avoid exposing it in logs, set spending/usage limits if possible, and rotate or revoke it if it may have been exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusNote
SKILL.md
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID, or use smart routing to auto-select the cheapest or highest-quality option for a task.

The skill is a provider gateway and may route submitted content to multiple downstream AI providers; smart routing means the exact downstream provider may not always be explicitly selected by the user.

User impactPrompts, documents, audio, images, URLs, and other inputs may leave the local environment and be processed by SkillBoss or downstream providers.
RecommendationUse explicit model/provider selection for sensitive work, review SkillBoss and downstream privacy/retention terms, and avoid sending confidential material unless that data flow is acceptable.