Is jobber safe?

https://clawhub.ai/byungkyu/jobber

88
SAFE

Jobber skill is clean technically (no code exec, exfil, or injection in install/docs) but risky due to required API key enabling external access to sensitive business data (clients, invoices). GraphQL flexibility allows bulk PII/financial extraction; benign alone but dangerous with agent tools. External dependencies (maton.ai) introduce supply chain trust.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (4)

MEDIUM Requires sensitive MATON_API_KEY granting Jobber business data access -15

Skill mandates MATON_API_KEY env var which authenticates to maton.ai gateway, proxying to Jobber API. This enables reading client emails/phones, invoices, jobs across all user connections.

LOW External clawhub skill reference -5

Mentions 'api-gateway skill (https://clawhub.ai/byungkyu/api-gateway)' which could encourage chaining to other potentially risky skills.

MEDIUM GraphQL enables bulk sensitive data extraction -25

Powerful queries (clients with emails/phones, invoices with totals) combined with pagination can exfiltrate entire business datasets if agent is prompted adversarially.

HIGH Persistent OAuth connections to external service -25

Creates/refreshes OAuth connections to Jobber via maton.ai, granting long-term external access to user's field service business data without ongoing user consent checks.