ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fake Identity Generator (With Email)

v1.0.0

Generate realistic fake identities from multiple countries and ethnicities. Requires explicit user confirmation and input for country/ethnicity and gender be...

0· 48·0 current·0 all-time
byAdarsh Sojitra@adarshsojitra
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (fake identity generator) matches the instructions: generate realistic identity fields and create a temporary email via mail.tm. The skill requests no binaries, env vars, or installs — nothing unrelated to the stated purpose is required.
Instruction Scope
SKILL.md stays on-topic (asks user for country/ethnicity and gender, requires explicit 'YES' before generating, and instructs creating an email with mail.tm). It does direct the agent to generate realistic government IDs, tax IDs, addresses and passwords — which is consistent with the goal but raises material ethical/legal concerns because these outputs can be abused. The instructions do not ask the agent to read local files, access other credentials, or exfiltrate data.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing will be written to disk or fetched during install. This is the lowest technical install risk.
Credentials
No environment variables, credentials, or config paths are requested. The only external interaction specified is calling the public mail.tm API (no API key required), which is proportionate to creating a temporary email.
Persistence & Privilege
The skill is not always-enabled, does not request persistent presence, and does not modify other skills or system settings. Autonomous invocation is allowed by default but is not combined here with elevated privileges or broad credential access.
Assessment
This skill appears to do what it says (create realistic fake identities and a temporary email) and does not request extra credentials or install software. However, it explicitly generates realistic government IDs, tax IDs, addresses, phone numbers, and credentials — outputs that can be used for fraud or illegal activity in many jurisdictions. Before installing or using it, consider: (1) whether generating such data is legal where you operate and whether it could violate terms of service for downstream sites; (2) whether your organization or platform allows outbound calls to mail.tm or other temp-mail providers; (3) requiring tighter safeguards — for example, restrict the skill to generate only clearly fictional placeholder identifiers (format-only, not plausible/valid numbers) or require an additional manual review step beyond the 'YES' confirmation; (4) preferring provenance: the skill has no homepage or known author, so exercise extra caution and monitor agent logs when it runs. If you need the functionality but want lower risk, request the skill be changed to output only synthetic (non-valid) ID formats and to avoid producing usable credentials/passwords or real-format national identifiers.

Like a lobster shell, security has layers — review code before you run it.

latestvk972w9w22nznj50gdsqmvas7w583gd9c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments